diff options
author | Eric Andersen <andersen@codepoet.org> | 2002-06-08 12:44:17 +0000 |
---|---|---|
committer | Eric Andersen <andersen@codepoet.org> | 2002-06-08 12:44:17 +0000 |
commit | 360060252ae8955123db31c376afad6f3fdc82eb (patch) | |
tree | 2c9afaf518e22478ea9d76e023f8232f243bbbd5 /miscutils | |
parent | 0c789a4255aeb74eb8d9d844c3a48aba18602288 (diff) | |
download | busybox-360060252ae8955123db31c376afad6f3fdc82eb.tar.gz |
vodz' last_patch42_2, which is an updated fix for buffer overflows
noted by Gerardo Puga
Diffstat (limited to 'miscutils')
-rw-r--r-- | miscutils/makedevs.c | 44 |
1 files changed, 19 insertions, 25 deletions
diff --git a/miscutils/makedevs.c b/miscutils/makedevs.c index f55995685..67b28b534 100644 --- a/miscutils/makedevs.c +++ b/miscutils/makedevs.c @@ -17,57 +17,51 @@ int makedevs_main(int argc, char **argv) { - dev_t dev = 0; - mode_t mode = 0; - char *basedev, *type, devname[255], buf[255]; - int major, Sminor, S, E, sbase; + mode_t mode; + char *basedev, *type, *nodname, buf[255]; + int major, Sminor, S, E; if (argc < 7 || *argv[1]=='-') show_usage(); basedev = argv[1]; type = argv[2]; - major = atoi(argv[3]); + major = atoi(argv[3]) << 8; /* correcting param to mknod() */ Sminor = atoi(argv[4]); S = atoi(argv[5]); E = atoi(argv[6]); - sbase = argc == 8 ? 1 : 0; + nodname = argc == 8 ? basedev : buf; + + mode = 0660; switch (type[0]) { case 'c': - mode = S_IFCHR; + mode |= S_IFCHR; break; case 'b': - mode = S_IFBLK; + mode |= S_IFBLK; break; case 'f': - mode = S_IFIFO; + mode |= S_IFIFO; break; default: show_usage(); } - mode |= 0660; while (S <= E) { + int sz; - if (type[0] != 'f') - dev = (major << 8) | Sminor; - safe_strncpy(devname, basedev, sizeof(devname)); + sz = snprintf(buf, sizeof(buf), "%s%d", basedev, S); + if(sz<0 || sz>=sizeof(buf)) /* libc different */ + error_msg_and_die("%s too large", basedev); - if (sbase == 0) { - int len; - len = strlen(devname); - if (S > 10000 || len > (sizeof(devname)-6)) - error_msg_and_die("%s: number too large", buf); - sprintf(buf, "%d", S); - strcat(devname, buf); - } else { - sbase = 0; - } + /* if mode != S_IFCHR and != S_IFBLK third param in mknod() ignored */ - if (mknod(devname, mode, dev)) - printf("Failed to create: %s\n", devname); + if (mknod(nodname, mode, major | Sminor)) + error_msg("Failed to create: %s", nodname); + if (nodname == basedev) /* ex. /dev/hda - to /dev/hda1 ... */ + nodname = buf; S++; Sminor++; } |