rpms/util-linux
6
0
Fork 0
Code Issues Pull Requests Releases Activity
c10s
util-linux/0018-libblkid-use-snprintf-instead-of-sprintf.patch
Karel Zak 4c1825e975 mount: improve --all documentation 
- libblkid: Fix probe_ioctl_tp assigning BLKGETDISKSEQ as physical
- libblkid: use snprintf() instead of sprintf()

Resolves: RHEL-119786 RHEL-121120 RHEL-123170
2025-10-23 11:58:46 +02:00

60 lines
2.1 KiB
Diff
Raw Permalink Blame History

From e00af23ce51151a5a2e7b207dbe8d1bc715e4bd1 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 6 Oct 2025 15:04:24 +0200
Subject: libblkid: use snprintf() instead of sprintf()
Replace sprintf() calls with snprintf() to ensure proper bounds
checking when formatting strings.
In encode.c, the check now validates snprintf() return value instead
of pre-checking buffer size, providing more robust error handling.
In probe.c, snprintf() is used with proper size calculation based on
remaining buffer space.
Addresses: https://issues.redhat.com/browse/RHEL-121120
Signed-off-by: Karel Zak <kzak@redhat.com>
(cherry picked from commit 041380f4ca7244df624bf7efdb5e27fdd3144175)
---
libblkid/src/encode.c | 6 ++++--
libblkid/src/probe.c | 4 ++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/libblkid/src/encode.c b/libblkid/src/encode.c
index 8213873ee..4b83f6690 100644
--- a/libblkid/src/encode.c
+++ b/libblkid/src/encode.c
@@ -191,9 +191,11 @@ int blkid_encode_string(const char *str, char *str_enc, size_t len)
j += seqlen;
i += (seqlen-1);
} else if (str[i] == '\\' || !is_whitelisted(str[i], NULL)) {
- if (len-j < 4)
+ int rc;
+
+ rc = snprintf(&str_enc[j], len-j, "\\x%02x", (unsigned char) str[i]);
+ if (rc != 4)
goto err;
- sprintf(&str_enc[j], "\\x%02x", (unsigned char) str[i]);
j += 4;
} else {
if (len-j < 1)
diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c
index 76905e197..cd45bcdf7 100644
--- a/libblkid/src/probe.c
+++ b/libblkid/src/probe.c
@@ -1972,8 +1972,8 @@ static void blkid_probe_log_csum_mismatch(blkid_probe pr, size_t n, const void *
int hex_size = min(sizeof(csum_hex), n * 2);
for (int i = 0; i < hex_size; i+=2) {
- sprintf(&csum_hex[i], "%02X", ((const unsigned char *) csum)[i / 2]);
- sprintf(&expected_hex[i], "%02X", ((const unsigned char *) expected)[i / 2]);
+ snprintf(&csum_hex[i], sizeof(csum_hex) - i, "%02X", ((const unsigned char *) csum)[i / 2]);
+ snprintf(&expected_hex[i], sizeof(expected_hex) - i, "%02X", ((const unsigned char *) expected)[i / 2]);
}
ul_debug(
--
2.51.0
Reference in New Issue View Git Blame Copy Permalink