authorNickolai Zeldovich <nickolai@csail.mit.edu>2013-01-08 15:31:18 -0500
committerTheodore Ts'o <tytso@mit.edu>2013-01-08 20:36:48 -0500
commit6dd83548f4193f8bfd7983240471db0d0c7af626 (patch)
tree9613991d3d9004358cd592ff80b5d2c1d53bc23f
parentbf50beb9f6b4c4d4c9f8fc7fc81d716a9ee79218 (diff)
e2fsck: do not crash on long log file names
Previously e2fsck would corrupt memory if the log file name was longer than 100 bytes (e.g., a long log_filename value in e2fsck.conf or a pattern that expands out to more than 100 bytes). This was due to incorrectly calling realloc() in append_string() on the struct string instead of the malloc'ed char* buffer, among other problems. This patch fixes the call to realloc() and also ensures that the buffer is grown by sufficiently many bytes (not just by 2x). Signed-off-by: Nickolai Zeldovich <nickolai@csail.mit.edu> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
-rw-r--r--e2fsck/logfile.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/e2fsck/logfile.c b/e2fsck/logfile.c
index 9229fbf9..c48b8eb8 100644
--- a/e2fsck/logfile.c
+++ b/e2fsck/logfile.c
@@ -36,19 +36,25 @@ static void alloc_string(struct string *s, int len)
static void append_string(struct string *s, const char *a, int len)
{
+ int needlen;
+
if (!len)
len = strlen(a);
- if (s->end + len >= s->len) {
- char *n = realloc(s, s->len * 2);
+ needlen = s->end + len + 1;
+ if (needlen > s->len) {
+ char *n;
+
+ if (s->len * 2 > needlen)
+ needlen = s->len * 2;
+ n = realloc(s->s, needlen);
if (n) {
s->s = n;
- s->len = s->len * 2;
+ s->len = needlen;
} else {
- len = s->len - s->end - 1;
- if (len <= 0)
- return;
+ /* Don't append if we ran out of memory */
+ return;
}
}
memcpy(s->s + s->end, a, len);