62 lines
2.1 KiB
Diff
62 lines
2.1 KiB
Diff
From f5a80bd5d3d478354d6044b6d2b9951fd29a8d59 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
|
Date: Fri, 18 Mar 2011 16:37:54 +0100
|
|
Subject: [PATCH 66/66] fdasd: buffer overflow when writing to read-only device
|
|
|
|
Description: fdasd: buffer overflow when writing to read-only device
|
|
Symptom: When fdasd tries to write to a read-only disk, it fails with
|
|
a '*** buffer overflow detected ***' error message.
|
|
Problem: It is expected that fdasd cannot write to a read-only disk, and
|
|
such an operation should end with a proper error message. The
|
|
libvtoc code, which writes this message, contains the bug that
|
|
causes the buffer overflow.
|
|
Solution: Directly print the error message, without formatting it first in
|
|
a buffer.
|
|
---
|
|
libvtoc/vtoc.c | 15 +++++----------
|
|
1 files changed, 5 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/libvtoc/vtoc.c b/libvtoc/vtoc.c
|
|
index 36269a4..ae1de8c 100644
|
|
--- a/libvtoc/vtoc.c
|
|
+++ b/libvtoc/vtoc.c
|
|
@@ -146,30 +146,25 @@ static char buffer[85];
|
|
*/
|
|
static void vtoc_error(enum failure why, char *s1, char *s2)
|
|
{
|
|
- char error[LINE_LENGTH];
|
|
-
|
|
switch (why) {
|
|
case unable_to_open:
|
|
- sprintf(error, "%s opening device '%s' failed.\n%s\n",
|
|
+ fprintf(stderr, "\n%s opening device '%s' failed.\n%s\n",
|
|
VTOC_ERROR, s1, s2);
|
|
break;
|
|
case unable_to_seek:
|
|
- sprintf(error, "%s seeking device '%s' failed.\n%s\n",
|
|
+ fprintf(stderr, "\n%s seeking device '%s' failed.\n%s\n",
|
|
VTOC_ERROR, s1, s2);
|
|
break;
|
|
case unable_to_write:
|
|
- sprintf(error, "%s writing to device '%s' failed,\n%s\n",
|
|
+ fprintf(stderr, "\n%s writing to device '%s' failed,\n%s\n",
|
|
VTOC_ERROR, s1, s2);
|
|
break;
|
|
case unable_to_read:
|
|
- sprintf(error, "%s reading from device '%s' failed.\n%s\n",
|
|
+ fprintf(stderr, "\n%s reading from device '%s' failed.\n%s\n",
|
|
VTOC_ERROR, s1, s2);
|
|
break;
|
|
- default: sprintf(error, "Fatal error\n");
|
|
+ default: fprintf(stderr, "\nFatal error\n");
|
|
}
|
|
-
|
|
- fputc('\n', stderr);
|
|
- fputs(error, stderr);
|
|
exit(1);
|
|
}
|
|
|
|
--
|
|
1.7.4
|
|
|