In case we can persuade you, the attached patch will be needed - it fixes an
incorrect array bound check in create_floppy_devices and guards against a
possible buffer overflow when the sysadmin specifies too long a pathname
for /dev.

This could be done better with perl as for write_cd_rules, if only
Mknod.pm were a standard shipped module ...

Nick
--- create_floppy_devices.c.orig        2006-05-29 10:18:16.000000000 +0100
+++ create_floppy_devices.c     2006-06-30 12:10:04.000000000 +0100
@@ -102,7 +102,7 @@
                return 1;
        }
 
-       if (type < 0 || type > (int) sizeof(table)) {
+       if (type < 0 || type >= (int) (sizeof(table_sup) / 
sizeof(table_sup[0])) ) {
                fprintf(stderr,"Invalid CMOS type %d\n", type);
                return 1;
        }
@@ -112,7 +112,11 @@
 
        i = 0;
        while (table_sup[type][i]) {
-               sprintf(node, "%s%s",dev, table[table_sup[type][i]]);
+               if (snprintf(node, sizeof(node), "%s%s",dev, 
table[table_sup[type][i]]) >= sizeof(node)) {
+                       fprintf(stderr,"Generated device name longer than 
%d\n", sizeof(node));
+                       return 1;
+
+               };
                minor = (table_sup[type][i] << 2) + fdnum;
                if (print_nodes)
                        printf("%s b %d %d %d\n", node, mode, major, minor);
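Review bot: The added diagnostic passes `sizeof(node)` (a `size_t`) to a `%d` conversion, which is a format/argument mismatch and undefined behaviour where `size_t` is wider than `int`; use `fprintf(stderr, "Generated device name longer than %zu\n", sizeof(node));` or cast the argument to `int`. The truncation test also compares snprintf's `int` return with a `size_t`; a negative error return is caught only through the unsigned conversion, so storing the result in an `int n` and testing `n < 0 || (size_t)n >= sizeof(node)` would make that explicit. Both `sizeof(node)` uses assume `node` is a char array rather than a pointer; its declaration is outside the hunk, so this should be confirmed. The stray `;` after the closing brace and the blank line before it can be dropped. The loop body continues past the end of the hunk.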
