Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

vm-file-editor: fix potential buffer overflow

Browse Source 
If we're being sent something without a zero byte, we
could happily read off the end of the buffer. Interestingly,
the write part was checking for the max bound.
This commit is contained in:
Vincent Penquerc'h 2013-12-29 07:06:26 -05:00 committed by Marek Marczykowski-Górecki
parent c9a25b8915
commit 11b8f9be20
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
qubes-rpc/vm-file-editor.c
View File

@ -28,11 +28,12 @@ char *get_filename()
int i; int i;
if (!read_all(0, buf, sizeof(buf))) if (!read_all(0, buf, sizeof(buf)))
exit(1); exit(1);
buf[DVM_FILENAME_SIZE-1] = 0;
if (index(buf, '/')) { if (index(buf, '/')) {
fprintf(stderr, "filename contains /"); fprintf(stderr, "filename contains /");
exit(1); exit(1);
} }
for (i=0; i < DVM_FILENAME_SIZE && buf[i]!=0; i++) { for (i=0; buf[i]!=0; i++) {
// replace some characters with _ (eg mimeopen have problems with some of them) // replace some characters with _ (eg mimeopen have problems with some of them)
if (index(" !?\"#$%^&*()[]<>;`~", buf[i])) if (index(" !?\"#$%^&*()[]<>;`~", buf[i]))
buf[i]='_'; buf[i]='_';