[PATCH] mdev regex fix
Denys Vlasenko
vda.linux at googlemail.com
Fri May 23 20:51:44 UTC 2008
On Friday 23 May 2008 14:36, Natanael Copa wrote:
> forgot to attach the patch.
> sorry
>
> On Fri, 2008-05-23 at 14:30 +0200, Natanael Copa wrote:
> > mdev in busybox-1.10.2 has a bug:
> >
> > mdev.conf:
> > zap(.+) root:dialout 0660 =zap/%1
> >
> > When expanding the %1 regex, string will not be terminated with a '\0'
> > properly causing interesting results in /dev.
> >
> > # ls /dev/zap/
> > channel ctlS
ctlT
pseudo timer
> >
> >
> > Attatched patch fixes the issue. (for 1.10.2 + current patches)
Strange. It means that we allocate too small an alias,
because otherwise it would be NUL terminated because of xzalloc!
/* substitute %1..9 with off[1..9], if any */
n = 0;
s = val;
while (*s && *s++ == '%')
n++;
=======> p = alias = xzalloc(strlen(val) + n * strlen(device_name));
s = val + 1;
while (*s) {
*p = *s;
if ('%' == *s) {
i = (s[1] - '0');
if (i <= 9 && off[i].rm_so >= 0) {
n = off[i].rm_eo - off[i].rm_so;
strncpy(p, device_name + off[i].rm_so, n);
p += n - 1;
s++;
}
}
p++;
s++;
}
The replacement string starts at val+1. If val has no '%', its length is
strlen(val+1), with terminating NUL it is strlen(val+1) + 1 == strlen(val).
Each '%' is substituted by device_name at max (meaning: it can be substituted
by just a part of device_name, or the whole device_name). We have n '%' chars,
so we need at most strlen(val) + n * strlen(device_name) chars, including NUL.
In your example:
mdev.conf:
zap(.+) root:dialout 0660 =zap/%1
strlen(val) + n * strlen(device_name) == 7 + strlen(device_name).
If device_name == "zap.ctlT", it's 7+8 = 15, and it's enough for "zap/ctlT".
I am obviously wrong somewhere, but I don't see where.
--
vda
More information about the busybox
mailing list