From: Thomas Veerman Date: Fri, 13 Jul 2012 16:08:06 +0000 (+0000) Subject: VFS: Use safe string copy functions X-Git-Tag: v3.2.1~452 X-Git-Url: http://zhaoyanbai.com/repos/%22http:/www.isc.org/icons/addsub.png?a=commitdiff_plain;h=77dbd766c1cf94735eb1e385d6ce9f84e6807565;p=minix.git VFS: Use safe string copy functions --- diff --git a/servers/vfs/comm.c b/servers/vfs/comm.c index 7a96875ec..6358ecb7e 100644 --- a/servers/vfs/comm.c +++ b/servers/vfs/comm.c @@ -83,7 +83,7 @@ void fs_sendmore(struct vmnt *vmp) worker->w_next = NULL; sending--; assert(sending >= 0); - sendmsg(vmp, worker->w_job.j_fp); + (void) sendmsg(vmp, worker->w_job.j_fp); } /*===========================================================================* diff --git a/servers/vfs/dmap.c b/servers/vfs/dmap.c index 347b14de4..5ce4f73fc 100644 --- a/servers/vfs/dmap.c +++ b/servers/vfs/dmap.c @@ -77,7 +77,7 @@ int do_mapdriver() * map_driver * *===========================================================================*/ int map_driver(label, major, proc_nr_e, style, flags) -const char *label; /* name of the driver */ +const char label[LABEL_MAX]; /* name of the driver */ int major; /* major number of the device */ endpoint_t proc_nr_e; /* process number of the driver */ int style; /* style of the device */ @@ -120,7 +120,7 @@ int flags; /* device flags */ len = strlen(label); if (len+1 > sizeof(dp->dmap_label)) panic("VFS: map_driver: label too long: %d", len); - strcpy(dp->dmap_label, label); + strlcpy(dp->dmap_label, label, LABEL_MAX); } /* Store driver I/O routines based on type of device */ diff --git a/servers/vfs/exec.c b/servers/vfs/exec.c index d4f933ace..2f6acb82e 100644 --- a/servers/vfs/exec.c +++ b/servers/vfs/exec.c @@ -140,7 +140,7 @@ static int get_read_vp(struct vfs_exec_info *execi, char *cp = strrchr(fullpath, '/'); if(cp) cp++; else cp = fullpath; - strncpy(execi->args.progname, cp, sizeof(execi->args.progname)-1); + strlcpy(execi->args.progname, cp, sizeof(execi->args.progname)); execi->args.progname[sizeof(execi->args.progname)-1] = '\0'; } @@ -243,7 +243,7 @@ int pm_exec(endpoint_t proc_e, vir_bytes path, size_t path_len, /* Get the exec file name. */ FAILCHECK(fetch_name(path, path_len, fullpath)); - strcpy(finalexec, fullpath); + strlcpy(finalexec, fullpath, PATH_MAX); /* Get_read_vp will return an opened vn in execi. * if necessary it releases the existing vp so we can @@ -261,9 +261,9 @@ int pm_exec(endpoint_t proc_e, vir_bytes path, size_t path_len, * args to stack and retrieve the new binary * name into fullpath. */ - FAILCHECK(fetch_name(path, path_len, fullpath)); + FAILCHECK(fetch_name(path, path_len, fullpath)); FAILCHECK(patch_stack(execi.vp, mbuf, &frame_len, fullpath)); - strcpy(finalexec, fullpath); + strlcpy(finalexec, fullpath, PATH_MAX); Get_read_vp(execi, fullpath, 1, 0, &resolve, fp); } @@ -287,13 +287,13 @@ int pm_exec(endpoint_t proc_e, vir_bytes path, size_t path_len, } /* Remember it */ - strcpy(execi.execname, finalexec); + strlcpy(execi.execname, finalexec, PATH_MAX); /* The executable we need to execute first (loader) * is in elf_interpreter, and has to be in fullpath to * be looked up */ - strcpy(fullpath, elf_interpreter); + strlcpy(fullpath, elf_interpreter, PATH_MAX); Get_read_vp(execi, fullpath, 0, 0, &resolve, fp); } @@ -344,7 +344,7 @@ int pm_exec(endpoint_t proc_e, vir_bytes path, size_t path_len, } /* Remember the new name of the process */ - strcpy(rfp->fp_name, execi.args.progname); + strlcpy(rfp->fp_name, execi.args.progname, PROC_NAME_LEN); pm_execfinal: if (execi.vp != NULL) { @@ -440,7 +440,7 @@ static int stack_prepare_elf(struct vfs_exec_info *execi, char *frame, size_t *f /* Empty space starts here; we can put the name here. */ spacestart = (char *) a; - strcpy(spacestart, execi->execname); + strlcpy(spacestart, execi->execname, PATH_MAX); /* What will the address of the string for the user be */ userp = *newsp + (spacestart-frame); @@ -585,7 +585,7 @@ int replace /* Reposition the strings by offset bytes */ memmove(stack + a1 + offset, stack + a1, old_bytes - a1); - strcpy(stack + a0, arg); /* Put arg in the new space. */ + strlcpy(stack + a0, arg, PATH_MAX); /* Put arg in the new space. */ if (!replace) { /* Make space for a new argv[0]. */ diff --git a/servers/vfs/filedes.c b/servers/vfs/filedes.c index 6e1ce8c30..936addcc1 100644 --- a/servers/vfs/filedes.c +++ b/servers/vfs/filedes.c @@ -85,7 +85,8 @@ void init_filps(void) struct filp *f; for (f = &filp[0]; f < &filp[NR_FILPS]; f++) { - mutex_init(&f->filp_lock, NULL); + if (mutex_init(&f->filp_lock, NULL) != 0) + panic("Failed to initialize filp mutex"); } } diff --git a/servers/vfs/link.c b/servers/vfs/link.c index 128dc1909..6ca231b57 100644 --- a/servers/vfs/link.c +++ b/servers/vfs/link.c @@ -237,7 +237,7 @@ int do_rename() put_vnode(old_dirp); return(ENAMETOOLONG); } - strcpy(old_name, fullpath); + strlcpy(old_name, fullpath, PATH_MAX); /* See if 'name2' (new name) exists. Get dir inode */ lookup_init(&resolve, fullpath, PATH_NOFLAGS, &newvmp, &new_dirp); diff --git a/servers/vfs/misc.c b/servers/vfs/misc.c index 7711c7b79..98cc99019 100644 --- a/servers/vfs/misc.c +++ b/servers/vfs/misc.c @@ -138,6 +138,7 @@ int do_dup() unlock_filp(f); /* or it might deadlock on do_close */ (void) close_fd(fp, rfd2); /* cannot fail */ f = get_filp(rfd, VNODE_READ); /* lock old_fd again */ + if (f == NULL) return(err_code); } } @@ -661,7 +662,8 @@ int do_svrctl() r = OK; } else if (!strcmp(search_key, "active_threads")) { int active = NR_WTHREADS - worker_available(); - sprintf(small_buf, "%d", active); + snprintf(small_buf, sizeof(small_buf) - 1, + "%d", active); sysgetenv.vallen = strlen(small_buf); r = OK; } diff --git a/servers/vfs/mount.c b/servers/vfs/mount.c index d949543e1..93b2b664b 100644 --- a/servers/vfs/mount.c +++ b/servers/vfs/mount.c @@ -317,7 +317,7 @@ char mount_label[LABEL_MAX] ) * Nothing else can go wrong. Perform the mount. */ new_vmp->m_root_node = root_node; new_vmp->m_mounted_on = NULL; - strcpy(new_vmp->m_label, mount_label); + strlcpy(new_vmp->m_label, mount_label, LABEL_MAX); if (is_nonedev(dev)) alloc_nonedev(dev); update_bspec(dev, fs_e, 0 /* Don't send new driver endpoint */); @@ -364,7 +364,7 @@ char mount_label[LABEL_MAX] ) /* Nothing else can go wrong. Perform the mount. */ new_vmp->m_mounted_on = vp; new_vmp->m_root_node = root_node; - strcpy(new_vmp->m_label, mount_label); + strlcpy(new_vmp->m_label, mount_label, LABEL_MAX); /* Allocate the pseudo device that was found, if not using a real device. */ if (is_nonedev(dev)) alloc_nonedev(dev); @@ -404,7 +404,7 @@ void mount_pfs(void) vmp->m_dev = dev; vmp->m_fs_e = PFS_PROC_NR; - strcpy(vmp->m_label, "pfs"); + strlcpy(vmp->m_label, "pfs", LABEL_MAX); rfp = &fproc[_ENDPOINT_P(PFS_PROC_NR)]; rfp->fp_flags |= FP_SYS_PROC; /* PFS is a driver and an FS */ @@ -447,7 +447,7 @@ int do_umount(void) */ if (strlen(label) >= M3_LONG_STRING) /* should never evaluate to true */ label[M3_LONG_STRING-1] = 0; - strcpy(m_out.umount_label, label); + strlcpy(m_out.umount_label, label, M3_LONG_STRING); return(OK); } @@ -457,7 +457,7 @@ int do_umount(void) *===========================================================================*/ int unmount( dev_t dev, /* block-special device */ - char *label /* buffer to retrieve label, or NULL */ + char label[LABEL_MAX] /* buffer to retrieve label, or NULL */ ) { struct vnode *vp; @@ -510,7 +510,7 @@ int unmount( if (is_nonedev(vmp->m_dev)) free_nonedev(vmp->m_dev); - if (label != NULL) strcpy(label, vmp->m_label); + if (label != NULL) strlcpy(label, vmp->m_label, LABEL_MAX); if (vmp->m_root_node) { /* PFS lacks a root node */ vmp->m_root_node->v_ref_count = 0; diff --git a/servers/vfs/path.c b/servers/vfs/path.c index 386fae80c..b3baf5815 100644 --- a/servers/vfs/path.c +++ b/servers/vfs/path.c @@ -209,16 +209,16 @@ struct fproc *rfp; /* Just an entry in the current working directory. Prepend * "./" in front of the path and resolve it. */ - strncpy(dir_entry, resolve->l_path, NAME_MAX); + strlcpy(dir_entry, resolve->l_path, NAME_MAX+1); dir_entry[NAME_MAX] = '\0'; resolve->l_path[0] = '.'; resolve->l_path[1] = '\0'; } else if (cp[1] == '\0') { /* Path ends in a slash. The directory entry is '.' */ - strcpy(dir_entry, "."); + strlcpy(dir_entry, ".", NAME_MAX+1); } else { /* A path name for the directory and a directory entry */ - strncpy(dir_entry, cp+1, NAME_MAX); + strlcpy(dir_entry, cp+1, NAME_MAX+1); cp[1] = '\0'; dir_entry[NAME_MAX] = '\0'; } @@ -243,7 +243,7 @@ struct fproc *rfp; * symlink, then we're not at the last directory, yet. */ /* Copy the directory entry back to user_fullpath */ - strncpy(resolve->l_path, dir_entry, NAME_MAX + 1); + strlcpy(resolve->l_path, dir_entry, NAME_MAX + 1); /* Look up the directory entry, but do not follow the symlink when it * is one. @@ -323,7 +323,7 @@ struct fproc *rfp; } /* Copy the directory entry back to user_fullpath */ - strncpy(resolve->l_path, dir_entry, NAME_MAX + 1); + strlcpy(resolve->l_path, dir_entry, NAME_MAX + 1); /* Turn PATH_RET_SYMLINK flag back on if it was on */ if (ret_on_symlink) resolve->l_flags |= PATH_RET_SYMLINK; @@ -571,7 +571,7 @@ char ename[NAME_MAX + 1]; cur = (struct dirent *) (buf + consumed); if (entry->v_inode_nr == cur->d_ino) { /* found the entry we were looking for */ - strncpy(ename, cur->d_name, NAME_MAX); + strlcpy(ename, cur->d_name, NAME_MAX+1); ename[NAME_MAX] = '\0'; return(OK); } @@ -601,7 +601,7 @@ struct fproc *rfp; struct lookup resolve; dir_vp = NULL; - strncpy(temp_path, orig_path, PATH_MAX); + strlcpy(temp_path, orig_path, PATH_MAX); temp_path[PATH_MAX - 1] = '\0'; /* First resolve path to the last directory holding the file */ @@ -620,7 +620,7 @@ struct fproc *rfp; /* dir_vp points to dir and resolve path now contains only the * filename. */ - strncpy(orig_path, temp_path, NAME_MAX); /* Store file name */ + strlcpy(orig_path, temp_path, NAME_MAX+1); /* Store file name */ /* check if the file is a symlink, if so resolve it */ r = rdlink_direct(orig_path, temp_path, rfp); @@ -629,7 +629,7 @@ struct fproc *rfp; break; /* encountered a symlink -- loop again */ - strncpy(orig_path, temp_path, PATH_MAX - 1); + strlcpy(orig_path, temp_path, PATH_MAX); symloop++; } while (symloop < SYMLOOP_MAX); @@ -646,7 +646,7 @@ struct fproc *rfp; * here we start building up the canonical path by climbing up the tree */ while (dir_vp != rfp->fp_rd) { - strcpy(temp_path, ".."); + strlcpy(temp_path, "..", NAME_MAX+1); /* check if we're at the root node of the file system */ if (dir_vp->v_vmnt->m_root_node == dir_vp) { diff --git a/servers/vfs/proto.h b/servers/vfs/proto.h index e41883b2a..fea576dd4 100644 --- a/servers/vfs/proto.h +++ b/servers/vfs/proto.h @@ -149,7 +149,7 @@ int is_nonedev(dev_t dev); void mount_pfs(void); int mount_fs(dev_t dev, char fullpath[PATH_MAX+1], endpoint_t fs_e, int rdonly, char mount_label[LABEL_MAX]); -int unmount(dev_t dev, char *label); +int unmount(dev_t dev, char label[LABEL_MAX]); void unmount_all(void); /* open.c */ diff --git a/servers/vfs/utility.c b/servers/vfs/utility.c index dc5a55019..b69945e85 100644 --- a/servers/vfs/utility.c +++ b/servers/vfs/utility.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include "file.h" #include "fproc.h" @@ -44,11 +45,9 @@ inline int copy_name( size_t len, char *dest) if (len <= M3_STRING) { /* Just copy the path from the message */ - unsigned int count = 0; rpu = &dest[0]; rpm = job_m_in.pathname; /* contained in input message */ - for (count = 0; count <= len; count++) - *rpu++ = *rpm++; + strncpy(dest, job_m_in.pathname, len); } else { /* String is not contained in the message. */ err_code = EINVAL;