diff options
| author |   guenther <guenther@openbsd.org> | 2016-07-06 04:35:12 +0000 |
|---|---|---|
| committer | guenther <guenther@openbsd.org> | 2016-07-06 04:35:12 +0000 |
| commit | 623aa1a0c079d81a8150bc6d731cda4e84ea5c76 (patch) | |
| tree | a2554a97bc2ff9e7e55d0ec3c9bc51965e42bd11 | |
| parent | Correctly handle an EOF that occurs prior to the TLS handshake completing. (diff) | |
| download | wireguard-openbsd-623aa1a0c079d81a8150bc6d731cda4e84ea5c76.tar.xz wireguard-openbsd-623aa1a0c079d81a8150bc6d731cda4e84ea5c76.zip | |
Use fstatat() to avoid path surgery.
bug catching and ok millert@
| -rw-r--r-- | lib/libc/gen/devname.c | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/lib/libc/gen/devname.c b/lib/libc/gen/devname.c index 1009be8b0ae..890f10b32ed 100644 --- a/lib/libc/gen/devname.c +++ b/lib/libc/gen/devname.c @@ -1,4 +1,4 @@ -/* $OpenBSD: devname.c,v 1.12 2015/09/13 08:31:47 guenther Exp $ */ +/* $OpenBSD: devname.c,v 1.13 2016/07/06 04:35:12 guenther Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -37,14 +37,13 @@ #include <limits.h> #include <paths.h> #include <stdbool.h> -#include <stdio.h> #include <string.h> #include <stdlib.h> static char * devname_nodb(dev_t dev, mode_t type) { - static char buf[sizeof(_PATH_DEV) + NAME_MAX]; + static char buf[NAME_MAX + 1]; char *name = NULL; struct dirent *dp; struct stat sb; @@ -52,19 +51,14 @@ devname_nodb(dev_t dev, mode_t type) if ((dirp = opendir(_PATH_DEV)) == NULL) return (NULL); - if (strlcpy(buf, _PATH_DEV, sizeof(buf)) >= sizeof(buf)) - return (NULL); while ((dp = readdir(dirp)) != NULL) { if (dp->d_type != DT_UNKNOWN && DTTOIF(dp->d_type) != type) continue; - buf[sizeof(_PATH_DEV) - 1] = '\0'; - if (strlcat(buf, dp->d_name, sizeof(buf)) >= sizeof(buf)) - continue; - if (lstat(buf, &sb) == -1) - continue; - if (sb.st_rdev != dev || (sb.st_mode & S_IFMT) != type) + if (fstatat(dirfd(dirp), dp->d_name, &sb, AT_SYMLINK_NOFOLLOW) + || sb.st_rdev != dev || (sb.st_mode & S_IFMT) != type) continue; - name = buf + sizeof(_PATH_DEV) - 1; + strlcpy(buf, dp->d_name, sizeof(buf)); + name = buf; break; } closedir(dirp); |