mainnika
/
weston
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libweston: Make module loading safe against long paths

Browse Source 
Avoid any buffer overflows here by checking we don't go over PATH_MAX
with stupid module names.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
dev
Daniel Stone 8 years ago
parent 698f9bf854
commit beb97e5f79
2 changed files with 24 additions and 6 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 15
      compositor/main.c
  2. 15
      libweston/compositor.c

15
compositor/main.c
Unescape View File

@ -766,19 +766,28 @@ wet_load_module(const char *name, const char *entrypoint)
const char *builddir = getenv("WESTON_BUILD_DIR"); const char *builddir = getenv("WESTON_BUILD_DIR");
char path[PATH_MAX]; char path[PATH_MAX];
void *module, *init; void *module, *init;
size_t len;
if (name == NULL) if (name == NULL)
return NULL; return NULL;
if (name[0] != '/') { if (name[0] != '/') {
if (builddir) if (builddir)
snprintf(path, sizeof path, "%s/.libs/%s", builddir, name); len = snprintf(path, sizeof path, "%s/.libs/%s", builddir,
name);
else else
snprintf(path, sizeof path, "%s/%s", MODULEDIR, name); len = snprintf(path, sizeof path, "%s/%s", MODULEDIR,
name);
} else { } else {
snprintf(path, sizeof path, "%s", name); len = snprintf(path, sizeof path, "%s", name);
} }
/* snprintf returns the length of the string it would've written,
* _excluding_ the NUL byte. So even being equal to the size of
* our buffer is an error here. */
if (len >= sizeof path)
return NULL;
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD); module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
if (module) { if (module) {
weston_log("Module '%s' already loaded\n", path); weston_log("Module '%s' already loaded\n", path);

15
libweston/compositor.c
Unescape View File

@ -5225,19 +5225,28 @@ weston_load_module(const char *name, const char *entrypoint)
const char *builddir = getenv("WESTON_BUILD_DIR"); const char *builddir = getenv("WESTON_BUILD_DIR");
char path[PATH_MAX]; char path[PATH_MAX];
void *module, *init; void *module, *init;
size_t len;
if (name == NULL) if (name == NULL)
return NULL; return NULL;
if (name[0] != '/') { if (name[0] != '/') {
if (builddir) if (builddir)
snprintf(path, sizeof path, "%s/.libs/%s", builddir, name); len = snprintf(path, sizeof path, "%s/.libs/%s",
builddir, name);
else else
snprintf(path, sizeof path, "%s/%s", LIBWESTON_MODULEDIR, name); len = snprintf(path, sizeof path, "%s/%s",
LIBWESTON_MODULEDIR, name);
} else { } else {
snprintf(path, sizeof path, "%s", name); len = snprintf(path, sizeof path, "%s", name);
} }
/* snprintf returns the length of the string it would've written,
* _excluding_ the NUL byte. So even being equal to the size of
* our buffer is an error here. */
if (len >= sizeof path)
return NULL;
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD); module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
if (module) { if (module) {
weston_log("Module '%s' already loaded\n", path); weston_log("Module '%s' already loaded\n", path);

Write Preview
Loading…
Cancel
Save