On Wed, 26 Jun 2019 09:12:02 +0200
Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> wrote:
> Hi Antony,
>
> On Wed, Jun 19, 2019 at 01:49:16PM +0300, Antony Pavlov wrote:
> > Tap network interface initialization in sandbox
> > barebox leads to segfault under Debian Buster/Sid.
> >
> > The problem is that strcpy(dev, ifr.ifr_name) inside
> > tap_alloc() tries to alter read-only data passed
> > by tap_probe() and barebox receives SIGSEGV.
> >
> > Signed-off-by: Antony Pavlov <antonynpavlov@xxxxxxxxx>
> > ---
> > drivers/net/tap.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/tap.c b/drivers/net/tap.c
> > index 1fbfa085b1..d7e32f4875 100644
> > --- a/drivers/net/tap.c
> > +++ b/drivers/net/tap.c
> > @@ -14,7 +14,7 @@
> >
> > struct tap_priv {
> > int fd;
> > - char *name;
> > + char name[128];
> > };
> >
> > static int tap_eth_send(struct eth_device *edev, void *packet, int length)
> > @@ -65,7 +65,7 @@ static int tap_probe(struct device_d *dev)
> > int ret = 0;
> >
> > priv = xzalloc(sizeof(struct tap_priv));
> > - priv->name = "barebox";
> > + strncpy(priv->name, "barebox", sizeof(priv->name));
> >
> > priv->fd = tap_alloc(priv->name);
>
> Can we change the prototype of tap_alloc() to something like this:
>
> int tap_alloc(const char *name, int *fd, char **outname);
>
> outname would be an allocated string to be freed by the caller.
There is one problem.
tap_alloc works in the sandbox "os domain" (glibc *alloc&free etc),
the caller works in the "barebox domain" (barebox *alloc&free).
Can we just drop this outname?
nobody actually use it at the moment.
--
Best regards,
Antony Pavlov
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
