[Toybox] [PATCH] Re: modinfo...

Isaac idunham at lavabit.com
Mon Jun 24 21:55:43 PDT 2013


modinfo: support -b basedir and -k kernel.release, fix two bugs
Add two less-frequently used flags for modinfo; -b specifies an alternate
root and -k replaces the output of uname -r.

Additionally, avoid a potential overflow in sprintf, 
and correct an inverted test.

On Sun, Jun 23, 2013 at 02:39:14PM -0500, Rob Landley wrote:
> 
> Except it's still xopen(), so it'll abort if unable to open the
> file, but return error if it can't map it. (And leak the
> filehandle.) Hmmm... all modinfo_file() actually uses is the
> filename, no reason to go through dirtree() for that... Nothing is
> actually _checking_ the return value of modinfo_file()... Huh, and
> this thing is doing a blob of global data (I try to combine globals
> into the union)...
> 
> Checking in a cleanup on top of your commit. (And I need to dig up
> the -b patch...)

The cleanup looks to have broken -F. Ah, it's line 23 (!strcmp -> strcmp).
I could split the patch out, but it's one line.

Now to add -b (and maybe -k, which specifies a kernel version instead of 
using uname).
Ok, pretty simple.
And all this shows up one hole:
/toybox modinfo -b $(for a in `seq 40960`; \
do printf /; done ) ath5k
Segmentation fault

There's a potential overflow whenever user-controlled text is copied into
toybuf.  So I decided to change sprintf to 
snprintf(toybuf, sizeof(toybuf), string, ...)
If snprintf returns sizeof(toybuf), it didn't find enough space for the final
"\0", so we need to exit.
 
> Thanks,
> 
> Rob

HTH,
Isaac Dunham
-------------- next part --------------
A non-text attachment was scrubbed...
Name: modinfo-basedir.diff
Type: text/x-diff
Size: 1580 bytes
Desc: not available
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20130624/b17e38be/attachment-0007.diff>
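
Added example, not part of the original message or of the toybox source: a C sketch of the bounded-formatting check discussed above, run against a short basedir, the 40960-slash input, and the two lengths on either side of the buffer limit. The buffer `buf` and its size, the "<basedir>/lib/modules/<release>" layout, the release string "3.9.0" and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a shared scratch buffer such as toybuf;
 * the size is an assumption for this example. */
#define BUF_SIZE 4096
static char buf[BUF_SIZE];

/* Build "<basedir>/lib/modules/<release>" into buf.
 * Returns 0 on success, -1 if the result would not fit or on an
 * output error. The path layout is assumed for illustration. */
int build_modules_path(const char *basedir, const char *release)
{
    int n = snprintf(buf, sizeof(buf), "%s/lib/modules/%s", basedir, release);

    /* snprintf returns the length the complete string would have had,
     * not counting the terminating NUL. Any value >= sizeof(buf) means
     * the output was truncated; a negative value is an output error. */
    if (n < 0 || (size_t)n >= sizeof(buf)) {
        buf[0] = '\0';   /* never hand a truncated path to the caller */
        return -1;
    }
    return 0;
}

/* Constructed input: a basedir of `len` slashes, like the reproducer
 * in the message. Returns whatever build_modules_path returns. */
int try_slashes(size_t len)
{
    static char base[50000];
    if (len >= sizeof(base)) return -1;
    memset(base, '/', len);
    base[len] = '\0';
    return build_modules_path(base, "3.9.0");
}

int main(void)
{
    size_t fixed = strlen("/lib/modules/3.9.0");
    printf("short basedir: %d (%s)\n", build_modules_path("/mnt", "3.9.0"), buf);
    printf("40960 slashes: %d\n", try_slashes(40960));
    /* Boundary: the longest basedir that still fits, then one byte more. */
    printf("exact fit:     %d\n", try_slashes(BUF_SIZE - 1 - fixed));
    printf("one too long:  %d\n", try_slashes(BUF_SIZE - fixed));
    return 0;
}
```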

