From 3e4414508b409a21b023b9ca4532f62003e0db97 Mon Sep 17 00:00:00 2001
From: "arun@codemovers.org" <arun@codemovers.org>
Date: Fri, 10 Sep 2004 20:54:04 -0700
Subject: [PATCH] udev - read long lines from config files overflow fix

Hi Kay,

On 23:12 Sat 04 Sep     , Kay Sievers wrote:
> Cool, a real bug :)
> Thanks, for the patch. I think it would be better to skip lenghth exceeding
> lines instead of cutting it and continue. While looking at it I restructured
> the buffer reading logic a bit and fixed another stupid bug.
Thanks for the cleanup.

You may have overlooked the fix for udev_config.c(parsing udev.conf) in
your patch.  So, I've adapted the fixes you applied to namedev_parse.c
to this file also.

Also, while 'eating' the whitespace the 'count' doesn't get decremented.
This leads strncpy to copy the number of whitespace minus 1 characters
from the next line. Minus 1 because it copies '\n' from the current
line.

		while (isspace(bufline[0])) {
			bufline++;
+			count--;
		}
		.
		.
		.
		strncpy(line, bufline, count);

Included patch(against udev-030) contains the above fixes as well as
your fixes.


Signed-off-by: Arun Bhanu <arun@codemovers.org>
---
 udev_config.c | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

(limited to 'udev_config.c')

diff --git a/udev_config.c b/udev_config.c
index 19f690c7e8..20b6c75d32 100644
--- a/udev_config.c
+++ b/udev_config.c
@@ -127,7 +127,8 @@ int parse_get_pair(char **orig_string, char **left, char **right)
 
 static int parse_config_file(void)
 {
-	char line[255];
+	char line[LINE_SIZE];
+	char *bufline;
 	char *temp;
 	char *variable;
 	char *value;
@@ -148,32 +149,37 @@ static int parse_config_file(void)
 	/* loop through the whole file */
 	lineno = 0;
 	cur = 0;
-	while (1) {
+	while (cur < bufsize) {
 		count = buf_get_line(buf, bufsize, cur);
-
-		strncpy(line, buf + cur, count);
-		line[count] = '\0';
-		temp = line;
-		lineno++;
-
+		bufline = &buf[cur];
 		cur += count+1;
-		if (cur > bufsize)
-			break;
-
-		dbg_parse("read '%s'", temp);
+		lineno++;
 
-		/* eat the whitespace at the beginning of the line */
-		while (isspace(*temp))
-			++temp;
+		if (count >= LINE_SIZE) {
+			info("line too long, conf line skipped %s, line %d",
+					udev_config_filename, lineno);
+			continue;
+		}
 
 		/* empty line? */
-		if (*temp == 0x00)
+		if (bufline[0] == '\0' || bufline[0] == '\n')
 			continue;
 
+		/* eat the whitespace */
+		while (isspace(bufline[0])) {
+			bufline++;
+			count--;
+		}
+
 		/* see if this is a comment */
-		if (*temp == COMMENT_CHARACTER)
+		if (bufline[0] == COMMENT_CHARACTER)
 			continue;
 
+		strncpy(line, bufline, count);
+		line[count] = '\0';
+		temp = line;
+		dbg_parse("read '%s'", temp);
+
 		retval = parse_get_pair(&temp, &variable, &value);
 		if (retval != 0)
 			info("%s:%d:%Zd: error parsing '%s'",
-- 
cgit v1.2.3-54-g00ecf