Subject: [merged] gen_init_cpio-avoid-null-pointer-dereference-and-rework-env-expanding.patch removed from -mm tree
To: mina86@xxxxxxxxxx,jj@xxxxxxxxxxxxxx,jkosina@xxxxxxx,keescook@xxxxxxxxxxxx,mm-commits@xxxxxxxxxxxxxxx
From: akpm@xxxxxxxxxxxxxxxxxxxx
Date: Wed, 13 Nov 2013 12:39:58 -0800
The patch titled
Subject: gen_init_cpio: avoid NULL pointer dereference and rework env expanding
has been removed from the -mm tree. Its filename was
gen_init_cpio-avoid-null-pointer-dereference-and-rework-env-expanding.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Michal Nazarewicz <mina86@xxxxxxxxxx>
Subject: gen_init_cpio: avoid NULL pointer dereference and rework env expanding
getenv() may return NULL if given environment variable does not exist
which leads to NULL dereference when calling strncat.
Besides that, the environment variable name was copied to a temporary
env_var buffer, but this copying can be avoided by simply using the input
string.
Lastly, the whole loop can be greatly simplified by using the snprintf
function instead of the playing with strncat.
By the way, the current implementation allows a recursive variable
expansion, as in:
$ echo 'out ${A} out ' | A='a ${B} a' B=b /tmp/a
out a b a out
I'm assuming this is just a side effect and not a conscious decision
(especially as this may lead to infinite loop), but I didn't want to
change this behaviour without consulting.
If the current behaviour is deamed incorrect, I'll be happy to send
a patch without recursive processing.
Signed-off-by: Michal Nazarewicz <mina86@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Jiri Kosina <jkosina@xxxxxxx>
Cc: Jesper Juhl <jj@xxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
usr/gen_init_cpio.c | 25 ++++++++-----------------
1 file changed, 8 insertions(+), 17 deletions(-)
diff -puN usr/gen_init_cpio.c~gen_init_cpio-avoid-null-pointer-dereference-and-rework-env-expanding usr/gen_init_cpio.c
--- a/usr/gen_init_cpio.c~gen_init_cpio-avoid-null-pointer-dereference-and-rework-env-expanding
+++ a/usr/gen_init_cpio.c
@@ -382,24 +382,15 @@ error:
static char *cpio_replace_env(char *new_location)
{
char expanded[PATH_MAX + 1];
- char env_var[PATH_MAX + 1];
- char *start;
- char *end;
+ char *start, *end, *var;
- for (start = NULL; (start = strstr(new_location, "${")); ) {
- end = strchr(start, '}');
- if (start < end) {
- *env_var = *expanded = '\0';
- strncat(env_var, start + 2, end - start - 2);
- strncat(expanded, new_location, start - new_location);
- strncat(expanded, getenv(env_var),
- PATH_MAX - strlen(expanded));
- strncat(expanded, end + 1,
- PATH_MAX - strlen(expanded));
- strncpy(new_location, expanded, PATH_MAX);
- new_location[PATH_MAX] = 0;
- } else
- break;
+ while ((start = strstr(new_location, "${")) &&
+ (end = strchr(start + 2, '}'))) {
+ *start = *end = 0;
+ var = getenv(start + 2);
+ snprintf(expanded, sizeof expanded, "%s%s%s",
+ new_location, var ? var : "", end + 1);
+ strcpy(new_location, expanded);
}
return new_location;
_
Patches currently in -mm which might be from mina86@xxxxxxxxxx are
origin.patch
linux-next.patch
debugging-keep-track-of-page-owners-fix-2.patch
debugging-keep-track-of-page-owners-fix-2-fix-fix.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
