diff options
| author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2020-03-30 21:30:45 +0200 |
|---|---|---|
| committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2020-03-30 21:30:45 +0200 |
| commit | ee770c2346eb37e0dcb8b6cf3eaacf3d8efd6bbc (patch) | |
| tree | 58f05092be1a17a939e861f8cadcda1b6ca2ecef /backend/as6e.c | |
| parent | 0da9e21872802cfc6e975b1ebaf9efb9e5934d84 (diff) | |
| parent | fef76e17ed4c607ea73b81279f9ef1d7121be900 (diff) | |
Merge branch 'release/experimental/1.0.29-1_experimental1'experimental/1.0.29-1_experimental1
Diffstat (limited to 'backend/as6e.c')
| -rw-r--r-- | backend/as6e.c | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/backend/as6e.c b/backend/as6e.c index 76241fb..47d8c90 100644 --- a/backend/as6e.c +++ b/backend/as6e.c @@ -797,33 +797,39 @@ check_for_driver (const char *devname) struct stat statbuf; mode_t modes; char *path; - char fullname[NAMESIZE]; char dir[NAMESIZE]; - int count = 0, offset = 0; + int count = 0, offset = 0, valid; path = getenv ("PATH"); if (!path) return 0; while (path[count] != '\0') { - memset (fullname, '\0', sizeof (fullname)); memset (dir, '\0', sizeof (dir)); + valid = 1; while ((path[count] != ':') && (path[count] != '\0')) { - dir[count - offset] = path[count]; + /* prevent writing data, which are out of bounds */ + if ((unsigned int)(count - offset) < sizeof (dir)) + dir[count - offset] = path[count]; + else + valid = 0; count++; } - /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */ - strncpy (fullname, dir, sizeof(fullname)-1); - /* take into account that fullname already contains non-null bytes */ - strncat (fullname, "/", sizeof(fullname)-strlen(fullname)-1); - strncat (fullname, devname, sizeof(fullname)-strlen(fullname)-1); - if (!stat (fullname, &statbuf)) - { - modes = statbuf.st_mode; - if (S_ISREG (modes)) - return (1); /* found as6edriver */ - } + if (valid == 1) + { + char fullname[NAMESIZE]; + int len = snprintf(fullname, sizeof(fullname), "%s/%s", dir, devname); + if ((len > 0) && (len <= (int)sizeof(fullname))) + { + if (!stat (fullname, &statbuf)) + { + modes = statbuf.st_mode; + if (S_ISREG (modes)) + return (1); /* found as6edriver */ + } + } + } if (path[count] == '\0') return (0); /* end of path --no driver found */ count++; |