libweston: Make module loading safe against long paths

Avoid any buffer overflows here by checking we don't go over PATH_MAX
with stupid module names.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
dev
Daniel Stone 8 years ago
parent 698f9bf854
commit beb97e5f79
  1. 15
      compositor/main.c
  2. 15
      libweston/compositor.c

@ -766,19 +766,28 @@ wet_load_module(const char *name, const char *entrypoint)
const char *builddir = getenv("WESTON_BUILD_DIR"); const char *builddir = getenv("WESTON_BUILD_DIR");
char path[PATH_MAX]; char path[PATH_MAX];
void *module, *init; void *module, *init;
size_t len;
if (name == NULL) if (name == NULL)
return NULL; return NULL;
if (name[0] != '/') { if (name[0] != '/') {
if (builddir) if (builddir)
snprintf(path, sizeof path, "%s/.libs/%s", builddir, name); len = snprintf(path, sizeof path, "%s/.libs/%s", builddir,
name);
else else
snprintf(path, sizeof path, "%s/%s", MODULEDIR, name); len = snprintf(path, sizeof path, "%s/%s", MODULEDIR,
name);
} else { } else {
snprintf(path, sizeof path, "%s", name); len = snprintf(path, sizeof path, "%s", name);
} }
/* snprintf returns the length of the string it would've written,
* _excluding_ the NUL byte. So even being equal to the size of
* our buffer is an error here. */
if (len >= sizeof path)
return NULL;
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD); module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
if (module) { if (module) {
weston_log("Module '%s' already loaded\n", path); weston_log("Module '%s' already loaded\n", path);

@ -5225,19 +5225,28 @@ weston_load_module(const char *name, const char *entrypoint)
const char *builddir = getenv("WESTON_BUILD_DIR"); const char *builddir = getenv("WESTON_BUILD_DIR");
char path[PATH_MAX]; char path[PATH_MAX];
void *module, *init; void *module, *init;
size_t len;
if (name == NULL) if (name == NULL)
return NULL; return NULL;
if (name[0] != '/') { if (name[0] != '/') {
if (builddir) if (builddir)
snprintf(path, sizeof path, "%s/.libs/%s", builddir, name); len = snprintf(path, sizeof path, "%s/.libs/%s",
builddir, name);
else else
snprintf(path, sizeof path, "%s/%s", LIBWESTON_MODULEDIR, name); len = snprintf(path, sizeof path, "%s/%s",
LIBWESTON_MODULEDIR, name);
} else { } else {
snprintf(path, sizeof path, "%s", name); len = snprintf(path, sizeof path, "%s", name);
} }
/* snprintf returns the length of the string it would've written,
* _excluding_ the NUL byte. So even being equal to the size of
* our buffer is an error here. */
if (len >= sizeof path)
return NULL;
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD); module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
if (module) { if (module) {
weston_log("Module '%s' already loaded\n", path); weston_log("Module '%s' already loaded\n", path);

Loading…
Cancel
Save