2015-08-28 Mike Frysinger [BZ #18887] * misc/Makefile (tests): Add tst-mntent-blank-corrupt and tst-mntent-blank-passno. * misc/mntent_r.c (__getmntent_r): Do not read past buffer[0]. * misc/tst-mntent-blank-corrupt.c: New test. * misc/tst-mntent-blank-passno.c: New test ripped from ... * misc/tst-mntent.c (do_test): ... here. diff --git a/misc/Makefile b/misc/Makefile index aecb0da..2f5edf6 100644 --- a/misc/Makefile +++ b/misc/Makefile @@ -76,7 +76,8 @@ install-lib := libg.a gpl2lgpl := error.c error.h tests := tst-dirname tst-tsearch tst-fdset tst-efgcvt tst-mntent tst-hsearch \ - tst-error1 tst-pselect tst-insremque tst-mntent2 bug-hsearch1 + tst-error1 tst-pselect tst-insremque tst-mntent2 bug-hsearch1 \ + tst-mntent-blank-corrupt tst-mntent-blank-passno ifeq ($(run-built-tests),yes) tests-special += $(objpfx)tst-error1-mem.out endif diff --git a/misc/mntent_r.c b/misc/mntent_r.c index 6159873..4f26998 100644 --- a/misc/mntent_r.c +++ b/misc/mntent_r.c @@ -136,7 +136,9 @@ __getmntent_r (FILE *stream, struct mntent *mp, char *buffer, int bufsiz) end_ptr = strchr (buffer, '\n'); if (end_ptr != NULL) /* chop newline */ { - while (end_ptr[-1] == ' ' || end_ptr[-1] == '\t') + /* Do not walk past the start of buffer if it's all whitespace. */ + while (end_ptr != buffer + && (end_ptr[-1] == ' ' || end_ptr[-1] == '\t')) end_ptr--; *end_ptr = '\0'; } diff --git a/misc/tst-mntent-blank-corrupt.c b/misc/tst-mntent-blank-corrupt.c new file mode 100644 index 0000000..92266a3 --- /dev/null +++ b/misc/tst-mntent-blank-corrupt.c @@ -0,0 +1,45 @@ +/* Make sure blank lines does not cause memory corruption BZ #18887. + + Copyright (C) 2009-2015 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +/* Make sure blank lines don't trigger memory corruption. This doesn't happen + for all targets though, so it's a best effort test BZ #18887. */ +static int +do_test (void) +{ + FILE *fp; + + fp = tmpfile (); + fputs ("\n \n/foo\\040dir /bar\\040dir auto bind \t \n", fp); + rewind (fp); + + /* The corruption happens here ... */ + getmntent (fp); + /* ... but trigers here. */ + endmntent (fp); + + /* If the test failed, we would crash, and not hit this point. */ + return 0; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/misc/tst-mntent-blank-passno.c b/misc/tst-mntent-blank-passno.c new file mode 100644 index 0000000..fc04291 --- /dev/null +++ b/misc/tst-mntent-blank-passno.c @@ -0,0 +1,53 @@ +/* Make sure trailing whitespace is handled properly BZ #17273. + + Copyright (C) 2009-2015 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +/* Check entries to make sure trailing whitespace is ignored and we return the + correct passno value BZ #17273. */ +static int +do_test (void) +{ + int result = 0; + FILE *fp; + struct mntent *mnt; + + fp = tmpfile (); + fputs ("/foo\\040dir /bar\\040dir auto bind \t \n", fp); + rewind (fp); + + mnt = getmntent (fp); + if (strcmp (mnt->mnt_fsname, "/foo dir") != 0 + || strcmp (mnt->mnt_dir, "/bar dir") != 0 + || strcmp (mnt->mnt_type, "auto") != 0 + || strcmp (mnt->mnt_opts, "bind") != 0 + || mnt->mnt_freq != 0 + || mnt->mnt_passno != 0) + { + puts ("Error while reading entry with trailing whitespaces"); + result = 1; + } + + return result; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/misc/tst-mntent.c b/misc/tst-mntent.c index 932fd3f..b6ad8af 100644 --- a/misc/tst-mntent.c +++ b/misc/tst-mntent.c @@ -73,26 +73,6 @@ do_test (void) puts ("Error while reading written entry back in"); result = 1; } - - /* Part III: Entry with whitespaces at the end of a line. */ - rewind (fp); - - fputs ("/foo\\040dir /bar\\040dir auto bind \t \n", fp); - - rewind (fp); - - mnt = getmntent (fp); - - if (strcmp (mnt->mnt_fsname, "/foo dir") != 0 - || strcmp (mnt->mnt_dir, "/bar dir") != 0 - || strcmp (mnt->mnt_type, "auto") != 0 - || strcmp (mnt->mnt_opts, "bind") != 0 - || mnt->mnt_freq != 0 - || mnt->mnt_passno != 0) - { - puts ("Error while reading entry with trailing whitespaces"); - result = 1; - } } return result; -- 2.5.1