diff options
| author | Guillem Jover <guillem@debian.org> | 2004-11-20 22:35:55 +0000 |
|---|---|---|
| committer | Guillem Jover <guillem@debian.org> | 2004-11-20 22:35:55 +0000 |
| commit | f2bc8f18889ad2fa09cad4491dd65d7cc1e8db3d (patch) | |
| tree | 0c94e015fd24c9a2e6fd11db2fe02fe5fd368554 /debian | |
| parent | f6ee5d7c7a2abda3349733b6a0709b1d800e36e9 (diff) | |
Fix possible buffer overrun on linux printk.
Thanks to Neal H. Walfield <neal@cs.uml.edu>.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/patches/18_linux_printk_buffer_overrun.patch | 87 |
2 files changed, 89 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 850a493..0689bc8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,8 @@ gnumach (1:20040915.dfsg.1-1) unstable; urgency=low Thanks to Neal H. Walfield <neal@cs.uml.edu>. * Fix double free and memory loss probing partition table. Thanks to Neal H. Walfield <neal@cs.uml.edu>. + * Fix possible buffer overrun on linux printk. + Thanks to Neal H. Walfield <neal@cs.uml.edu>. -- Guillem Jover <guillem@debian.org> Tue, 16 Nov 2004 07:58:02 +0100 diff --git a/debian/patches/18_linux_printk_buffer_overrun.patch b/debian/patches/18_linux_printk_buffer_overrun.patch new file mode 100644 index 0000000..75bb7ba --- /dev/null +++ b/debian/patches/18_linux_printk_buffer_overrun.patch @@ -0,0 +1,87 @@ +#DPATCHLEVEL=0 + +2004-09-08 Neal H. Walfield <neal@cs.uml.edu> + + * linux/dev/kernel/printk.c: Include <kern/assert.h>. + (printk): Use vsnprintf, not linux_vsprintf to avoid buffer + overruns. + + * kern/printf.c (struct vsnprintf_cookie): New structure. + (snputc): New function. + (vsnprintf): Likewise. + + +Index: linux/dev/kernel/printk.c +=================================================================== +RCS file: /cvsroot/hurd/gnumach/linux/dev/kernel/Attic/printk.c,v +retrieving revision 1.1 +diff -u -p -r1.1 printk.c +--- linux/dev/kernel/printk.c 26 Apr 1999 05:49:36 -0000 1.1 ++++ linux/dev/kernel/printk.c 8 Sep 2004 10:29:05 -0000 +@@ -26,6 +26,7 @@ + #define MACH_INCLUDE + #include <stdarg.h> + #include <asm/system.h> ++#include <kern/assert.h> + + static char buf[2048]; + +@@ -40,14 +41,14 @@ printk (char *fmt, ...) + va_list args; + int n, flags; + extern void cnputc (); +- extern int linux_vsprintf (char *buf, char *fmt,...); + char *p, *msg, *buf_end; + static int msg_level = -1; + + save_flags (flags); + cli (); + va_start (args, fmt); +- n = linux_vsprintf (buf + 3, fmt, args); ++ n = vsnprintf (buf + 3, sizeof (buf) - 3, fmt, args); ++ assert (n <= sizeof (buf) - 3); + buf_end = buf + 3 + n; + va_end (args); + for (p = buf + 3; p < buf_end; p++) +Index: kern/printf.c +=================================================================== +RCS file: /cvsroot/hurd/gnumach/kern/Attic/printf.c,v +retrieving revision 1.2 +diff -u -p -r1.2 printf.c +--- kern/printf.c 23 Jul 2000 00:34:12 -0000 1.2 ++++ kern/printf.c 8 Sep 2004 10:29:06 -0000 +@@ -579,6 +579,34 @@ sprintf(char *buf, const char *fmt, ...) + return (buf - start); + } + ++struct vsnprintf_cookie ++{ ++ char *buf; ++ int index; ++ int max_len; ++}; ++ ++static void ++snputc(char c, vm_offset_t arg) ++{ ++ struct vsnprintf_cookie *cookie = (void *) arg; ++ ++ if (cookie->index < cookie->max_len) ++ cookie->buf[cookie->index ++] = c; ++} ++ ++int ++vsnprintf(char *buf, int size, const char *fmt, va_list args) ++{ ++ struct vsnprintf_cookie cookie ++ = { .buf = buf, .index = 0, .max_len = size }; ++ ++ _doprnt (fmt, &args, snputc, 16, (vm_offset_t)&cookie); ++ cookie.buf[cookie.index] = '\0'; ++ ++ return cookie.index; ++} ++ + + void safe_gets(str, maxlen) + char *str; |