summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2022-05-15 19:22:05 -0400
committerRich Felker <dalias@aerifal.cx>2022-05-15 19:26:22 -0400
commit8974ef2124118e4ed8cad7ee0534b36e5c584c4e (patch)
treec0c5db948532ad59fa69613f4f50e4fce7351490 /src
parent751bee0ee727e8d8b003c87cff77ac76f1dbecd6 (diff)
downloadmusl-8974ef2124118e4ed8cad7ee0534b36e5c584c4e.tar.gz
musl-8974ef2124118e4ed8cad7ee0534b36e5c584c4e.tar.bz2
musl-8974ef2124118e4ed8cad7ee0534b36e5c584c4e.tar.xz
musl-8974ef2124118e4ed8cad7ee0534b36e5c584c4e.zip
mntent: fix potential mishandling of extremely long lines
commit 05973dc3bbc1aca9b3c8347de6879ed72147ab3b made it so that lines longer than INT_MAX can in theory be read, but did not use a suitable type for the positions determined by sscanf. we could change to using size_t, but since the signature for getmntent_r does not admit lines longer than INT_MAX, it does not make sense to support them in the legacy thread-unsafe form either -- the principle here is that there should not be an incentive to use the unsafe function to get added functionality.
Diffstat (limited to 'src')
-rw-r--r--src/misc/mntent.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/misc/mntent.c b/src/misc/mntent.c
index 962b8767..d404fbe3 100644
--- a/src/misc/mntent.c
+++ b/src/misc/mntent.c
@@ -2,6 +2,7 @@
#include <string.h>
#include <mntent.h>
#include <errno.h>
+#include <limits.h>
static char *internal_buf;
static size_t internal_bufsize;
@@ -42,6 +43,7 @@ struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int bufle
}
len = strlen(linebuf);
+ if (len > INT_MAX) continue;
for (i = 0; i < sizeof n / sizeof *n; i++) n[i] = len;
sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d",
n, n+1, n+2, n+3, n+4, n+5, n+6, n+7,