mirrors/weston
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libweston: Make module loading safe against long paths

Browse Source 
Avoid any buffer overflows here by checking we don't go over PATH_MAX
with stupid module names.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
This commit is contained in:
Daniel Stone 2016-11-28 12:13:54 +00:00
parent 698f9bf854
commit beb97e5f79
2 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
compositor/main.c
View File

@ -766,19 +766,28 @@ wet_load_module(const char *name, const char *entrypoint)
const char *builddir = getenv("WESTON_BUILD_DIR");
char path[PATH_MAX];
void *module, *init;
size_t len;
if (name == NULL)
return NULL;
if (name[0] != '/') {
if (builddir)
snprintf(path, sizeof path, "%s/.libs/%s", builddir, name);
len = snprintf(path, sizeof path, "%s/.libs/%s", builddir,
name);
else
snprintf(path, sizeof path, "%s/%s", MODULEDIR, name);
len = snprintf(path, sizeof path, "%s/%s", MODULEDIR,
name);
} else {
snprintf(path, sizeof path, "%s", name);
len = snprintf(path, sizeof path, "%s", name);
}
/* snprintf returns the length of the string it would've written,
* _excluding_ the NUL byte. So even being equal to the size of
* our buffer is an error here. */
if (len >= sizeof path)
return NULL;
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
if (module) {
weston_log("Module '%s' already loaded\n", path);

15
libweston/compositor.c
View File

@ -5225,19 +5225,28 @@ weston_load_module(const char *name, const char *entrypoint)
const char *builddir = getenv("WESTON_BUILD_DIR");
char path[PATH_MAX];
void *module, *init;
size_t len;
if (name == NULL)
return NULL;
if (name[0] != '/') {
if (builddir)
snprintf(path, sizeof path, "%s/.libs/%s", builddir, name);
len = snprintf(path, sizeof path, "%s/.libs/%s",
builddir, name);
else
snprintf(path, sizeof path, "%s/%s", LIBWESTON_MODULEDIR, name);
len = snprintf(path, sizeof path, "%s/%s",
LIBWESTON_MODULEDIR, name);
} else {
snprintf(path, sizeof path, "%s", name);
len = snprintf(path, sizeof path, "%s", name);
}
/* snprintf returns the length of the string it would've written,
* _excluding_ the NUL byte. So even being equal to the size of
* our buffer is an error here. */
if (len >= sizeof path)
return NULL;
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
if (module) {
weston_log("Module '%s' already loaded\n", path);