[hackers] [skvm] Several bug fixes, code re-organization and security precautions. || Dimitrios Papastamos

From: <hg_AT_suckless.org>
Date: Tue, 5 May 2009 15:31:57 +0000 (UTC)

changeset: 9:595ebf5a15ab
tag: tip
user: Dimitrios Papastamos <stateless [at] archlinux.us>
date: Tue May 05 16:31:40 2009 -0700
files: skvm.c
description:
Several bug fixes, code re-organization and security precautions.

diff -r 06b22c31a8ae -r 595ebf5a15ab skvm.c
--- a/skvm.c Tue May 05 03:33:12 2009 -0700
+++ b/skvm.c Tue May 05 16:31:40 2009 -0700
@@ -117,7 +117,7 @@
  * a new device is inserted */
 static int is_mounted(const char *dev);
 static char *get_mount_point(const char *dev, const char *label);
-static int resolve_symlink(const char *f, char *d, size_t d_len);
+static int resolve_symlink(const char *symlnk, char *d, size_t d_len);
 static void consider_fstab(struct device_t *device);
 static void do_args(struct device_t *device);
 static int do_mount(struct device_t *device);
@@ -430,16 +430,17 @@
 static char *
 get_mount_point(const char *dev, const char *label) {
    const char *extra;
- char *mountp;
+ char *mountp, *dev_tmp;
    size_t len;
    struct dirent *dirent;
    DIR *dir;
 
- if (!is_mounted(dev))
+ if (!is_mounted(dev) || !(dev_tmp = strrchr(dev, '/')))
       return NULL;
 
- len = strlen(strrchr(dev, '/') + 1) + 1 + strlen(BASE_MNT_DIR);
- extra = strrchr(dev, '/') + 1;
+ ++dev_tmp;
+ len = strlen(dev_tmp) + 1 + strlen(BASE_MNT_DIR);
+ extra = dev_tmp;
    if (label && strcmp(label, "")) {
       if ((dir = opendir(BASE_MNT_DIR))) {
          dirent = readdir(dir);
@@ -466,15 +467,15 @@
  * to a file whose path is defined relative to the symlink.
  */
 static int
-resolve_symlink(const char *restrict f, char *restrict d, size_t d_len) {
+resolve_symlink(const char *restrict symlnk, char *restrict d, size_t d_len) {
    char file[d_len], buf[d_len];
    ssize_t len;
- size_t f_len = strlen(f) + 1;
+ size_t f_len = strlen(symlnk) + 1;
    struct stat bf;
 
    if (f_len > d_len)
       return -1;
- memcpy(file, f, f_len);
+ memcpy(file, symlnk, f_len);
    do {
       len = readlink(file, buf, sizeof(buf) - 1);
       if (len < 0) {
@@ -503,14 +504,13 @@
 consider_fstab(struct device_t *device) {
    FILE *fp, *mtab;
    struct mntent *entry, *i;
- char rlink[1024], *tmp, *str, *did = NULL;
+ char rlink[1024], *tmp, *str, *did;
    size_t len;
 
    if (!device)
       return;
 
- fp = setmntent("/etc/fstab", "r");
- if (!fp)
+ if (!(fp = setmntent("/etc/fstab", "r")))
       return;
 
    if ((did = strrchr(device->did, '/'))) {
@@ -524,8 +524,8 @@
 
    while ((entry = getmntent(fp))) {
       if (!strcmp(device->dev, entry->mnt_fsname)
- || (strstr(entry->mnt_fsname, "UUID=")
- && did && strstr(entry->mnt_fsname, did))
+ || (did && strstr(entry->mnt_fsname, "UUID=")
+ && strstr(entry->mnt_fsname, did))
             || (strstr(entry->mnt_fsname, "LABEL=")
                 && strstr(entry->mnt_fsname, device->label))
             || (!resolve_symlink(entry->mnt_fsname, rlink, 1024)
@@ -538,14 +538,16 @@
             FREE_WRAP(device->opt);
             device->mountp = tmp;
          } else {
- mtab = setmntent("/etc/mtab", "r");
- if (!mtab)
+ if (!(str = strrchr(device->dev, '/')))
+ break; /* this will cause mount points to be stacked */
+ ++str;
+ if (!(mtab = setmntent("/etc/mtab", "r")))
                goto out;
+ len = strlen(str) + 1 + strlen(BASE_MNT_DIR);
+ tmp = device->mountp;
             while ((i = getmntent(mtab))) {
+ /* check if someone else uses our mount point */
                if (!strcmp(i->mnt_dir, device->mountp)) {
- tmp = device->mountp;
- str = strrchr(device->dev, '/') + 1;
- len = strlen(str) + 1 + strlen(BASE_MNT_DIR);
                   device->mountp = malloc(len);
                   if (!device->mountp) {
                      device->mountp = tmp;
@@ -655,6 +657,8 @@
           (!device->fstype) ? "(null)" : device->fstype);
    printf("Mount options: %s\n",
           (!device->opt) ? DEFAULT_MNT_OPTIONS : device->opt);
+ printf("Mount point: %s\n",
+ (!device->mountp) ? "(null)" : device->mountp);
    printf("~~~~~~~~~~~~~~~~~~~\n");
 }
 
Received on Tue May 05 2009 - 15:31:57 UTC

This archive was generated by hypermail 2.2.0 : Tue May 05 2009 - 15:36:05 UTC