diff options
author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2019-07-31 17:00:58 +0200 |
---|---|---|
committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2019-07-31 17:00:58 +0200 |
commit | d087d778ffb62e2713cb848540bcc819470365bd (patch) | |
tree | d69692a274dd1c7d0672e6bb7155a0fc106f9d49 /backend/as6e.c | |
parent | c8bd2513ecba169cff44c09c8058c36987357b18 (diff) | |
parent | 3759ce55ba79b8d3b9d8ed247a252273ee7dade3 (diff) |
Merge branch 'feature/upstream' into develop
Diffstat (limited to 'backend/as6e.c')
-rw-r--r-- | backend/as6e.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/backend/as6e.c b/backend/as6e.c index 76241fb..37a6d3b 100644 --- a/backend/as6e.c +++ b/backend/as6e.c @@ -799,7 +799,7 @@ check_for_driver (const char *devname) char *path; char fullname[NAMESIZE]; char dir[NAMESIZE]; - int count = 0, offset = 0; + int count = 0, offset = 0, valid; path = getenv ("PATH"); if (!path) @@ -808,21 +808,29 @@ check_for_driver (const char *devname) { memset (fullname, '\0', sizeof (fullname)); memset (dir, '\0', sizeof (dir)); + valid = 1; while ((path[count] != ':') && (path[count] != '\0')) { - dir[count - offset] = path[count]; + /* prevent writing data, which are out of bounds */ + if ((unsigned int)(count - offset) < sizeof (dir)) + dir[count - offset] = path[count]; + else + valid = 0; count++; } - /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */ - strncpy (fullname, dir, sizeof(fullname)-1); - /* take into account that fullname already contains non-null bytes */ - strncat (fullname, "/", sizeof(fullname)-strlen(fullname)-1); - strncat (fullname, devname, sizeof(fullname)-strlen(fullname)-1); - if (!stat (fullname, &statbuf)) + if (valid == 1) { - modes = statbuf.st_mode; - if (S_ISREG (modes)) - return (1); /* found as6edriver */ + /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */ + strncpy (fullname, dir, sizeof(fullname)-1); + /* take into account that fullname already contains non-null bytes */ + strncat (fullname, "/", sizeof(fullname)-strlen(fullname)-1); + strncat (fullname, devname, sizeof(fullname)-strlen(fullname)-1); + if (!stat (fullname, &statbuf)) + { + modes = statbuf.st_mode; + if (S_ISREG (modes)) + return (1); /* found as6edriver */ + } } if (path[count] == '\0') return (0); /* end of path --no driver found */ |