diff options
author | Rich Felker <dalias@aerifal.cx> | 2022-05-15 19:22:05 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2022-05-15 19:26:22 -0400 |
commit | 8974ef2124118e4ed8cad7ee0534b36e5c584c4e (patch) | |
tree | c0c5db948532ad59fa69613f4f50e4fce7351490 /src | |
parent | 751bee0ee727e8d8b003c87cff77ac76f1dbecd6 (diff) | |
download | musl-8974ef2124118e4ed8cad7ee0534b36e5c584c4e.tar.gz musl-8974ef2124118e4ed8cad7ee0534b36e5c584c4e.tar.bz2 musl-8974ef2124118e4ed8cad7ee0534b36e5c584c4e.tar.xz musl-8974ef2124118e4ed8cad7ee0534b36e5c584c4e.zip |
mntent: fix potential mishandling of extremely long lines
commit 05973dc3bbc1aca9b3c8347de6879ed72147ab3b made it so that lines
longer than INT_MAX can in theory be read, but did not use a suitable
type for the positions determined by sscanf. we could change to using
size_t, but since the signature for getmntent_r does not admit lines
longer than INT_MAX, it does not make sense to support them in the
legacy thread-unsafe form either -- the principle here is that there
should not be an incentive to use the unsafe function to get added
functionality.
Diffstat (limited to 'src')
-rw-r--r-- | src/misc/mntent.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/misc/mntent.c b/src/misc/mntent.c index 962b8767..d404fbe3 100644 --- a/src/misc/mntent.c +++ b/src/misc/mntent.c @@ -2,6 +2,7 @@ #include <string.h> #include <mntent.h> #include <errno.h> +#include <limits.h> static char *internal_buf; static size_t internal_bufsize; @@ -42,6 +43,7 @@ struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int bufle } len = strlen(linebuf); + if (len > INT_MAX) continue; for (i = 0; i < sizeof n / sizeof *n; i++) n[i] = len; sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d", n, n+1, n+2, n+3, n+4, n+5, n+6, n+7, |