Buffer overrun in find_real_root_device()

David Vrabel dvrabel at arcom.co.uk
Thu Jul 27 08:36:05 UTC 2000


Package: busybox
Version: 0.45
Severity: normal

There is a buffer overrun in find_real_root_device() (in utility.c) if
the root device name is longer than what was previously in `name'.
This results in incorrect display of the mount point in `df'.

example:
/proc/mounts contents
   /dev/root / jffs 0 0
   ...
Actual device: /dev/mtdblock0

df output:
Filesystem          1k-blocks    Used Available Use% Mounted on
/dev/mtdblock0           8000    3586      4404  45% ock0

Suggested fix (not tested)
--- utility.c   Thu Jul 27 09:33:40 2000
+++ utility.c.new       Thu Jul 27 09:34:20 2000
@@ -1555,7 +1555,7 @@
                if (strcmp(entry->d_name, "..") == 0)
                        continue;
 
-               sprintf( fileName, "/dev/%s", entry->d_name);
+               snprintf( fileName, strlen(name)+1, "/dev/%s",
entry->d_name);
 
                if (stat(fileName, &statBuf) != 0)
                        continue;
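
Review bot: The size passed to snprintf on the added line is strlen(name)+1, but the buffer being written is fileName, so the bound comes from an unrelated string rather than from the destination's capacity. If name holds /dev/root as in the report's example, the candidate /dev/mtdblock0 is cut to /dev/mtdb, the following stat(fileName, &statBuf) runs against a truncated path, and the real device is never matched. Suggest bounding this write by the size of fileName itself and doing the length check where the result is copied back into name (that copy is outside this hunk), treating an snprintf return value >= the size as "does not fit" rather than truncating silently.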


---------------------------------------
Received: (at 1019-close) by bugs.lineo.com; 11 Aug 2000 17:46:58 +0000
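
Added example (not part of the original report and not busybox code): "/dev/mtdblock0" is five bytes longer than "/dev/root", and those five bytes are "ock0" plus the terminating NUL, which is exactly what df shows as the mount point. The C program below reproduces that effect and shows a bounded copy that rejects the longer name instead of truncating it. The arena layout, NAME_SLOT and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout (assumption, not busybox's real data structure):
 * one arena whose first NAME_SLOT bytes hold the device name and whose
 * remaining bytes hold the mount point, so the overrun stays inside a
 * single object and the behaviour is well defined. */
#define NAME_SLOT 10            /* strlen("/dev/root") + 1 */
#define ARENA_LEN 32

static void arena_init(char *arena)
{
    memset(arena, 0, ARENA_LEN);
    strcpy(arena, "/dev/root");          /* name as read from /proc/mounts */
    strcpy(arena + NAME_SLOT, "/");      /* mount point stored right after */
}

/* Unbounded copy: reproduces the reported symptom. */
static const char *resolve_unbounded(char *arena, const char *real_dev)
{
    arena_init(arena);
    strcpy(arena, real_dev);             /* may run past NAME_SLOT */
    return arena + NAME_SLOT;            /* what df would print as mount point */
}

/* Bounded copy: returns 0 on success, -1 if real_dev does not fit. */
static int resolve_bounded(char *arena, const char *real_dev)
{
    char tmp[NAME_SLOT];
    int n;

    arena_init(arena);
    n = snprintf(tmp, sizeof(tmp), "%s", real_dev);
    if (n < 0 || (size_t)n >= sizeof(tmp))
        return -1;                       /* would truncate: keep the old name */
    memcpy(arena, tmp, (size_t)n + 1);
    return 0;
}

int main(void)
{
    char arena[ARENA_LEN];

    printf("unbounded: mounted on \"%s\"\n",
           resolve_unbounded(arena, "/dev/mtdblock0"));
    printf("bounded:   rc=%d name=\"%s\" mounted on \"%s\"\n",
           resolve_bounded(arena, "/dev/mtdblock0"), arena, arena + NAME_SLOT);
    return 0;
}
```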

