mirror of
https://gitlab.freedesktop.org/wayland/weston
synced 2024-10-04 23:12:54 +00:00
libweston: Make module loading safe against long paths
Avoid any buffer overflows here by checking we don't go over PATH_MAX with stupid module names. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
This commit is contained in:
parent
698f9bf854
commit
beb97e5f79
|
@ -766,19 +766,28 @@ wet_load_module(const char *name, const char *entrypoint)
|
||||||
const char *builddir = getenv("WESTON_BUILD_DIR");
|
const char *builddir = getenv("WESTON_BUILD_DIR");
|
||||||
char path[PATH_MAX];
|
char path[PATH_MAX];
|
||||||
void *module, *init;
|
void *module, *init;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
if (name == NULL)
|
if (name == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (name[0] != '/') {
|
if (name[0] != '/') {
|
||||||
if (builddir)
|
if (builddir)
|
||||||
snprintf(path, sizeof path, "%s/.libs/%s", builddir, name);
|
len = snprintf(path, sizeof path, "%s/.libs/%s", builddir,
|
||||||
|
name);
|
||||||
else
|
else
|
||||||
snprintf(path, sizeof path, "%s/%s", MODULEDIR, name);
|
len = snprintf(path, sizeof path, "%s/%s", MODULEDIR,
|
||||||
|
name);
|
||||||
} else {
|
} else {
|
||||||
snprintf(path, sizeof path, "%s", name);
|
len = snprintf(path, sizeof path, "%s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* snprintf returns the length of the string it would've written,
|
||||||
|
* _excluding_ the NUL byte. So even being equal to the size of
|
||||||
|
* our buffer is an error here. */
|
||||||
|
if (len >= sizeof path)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
|
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
|
||||||
if (module) {
|
if (module) {
|
||||||
weston_log("Module '%s' already loaded\n", path);
|
weston_log("Module '%s' already loaded\n", path);
|
||||||
|
|
|
@ -5225,19 +5225,28 @@ weston_load_module(const char *name, const char *entrypoint)
|
||||||
const char *builddir = getenv("WESTON_BUILD_DIR");
|
const char *builddir = getenv("WESTON_BUILD_DIR");
|
||||||
char path[PATH_MAX];
|
char path[PATH_MAX];
|
||||||
void *module, *init;
|
void *module, *init;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
if (name == NULL)
|
if (name == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (name[0] != '/') {
|
if (name[0] != '/') {
|
||||||
if (builddir)
|
if (builddir)
|
||||||
snprintf(path, sizeof path, "%s/.libs/%s", builddir, name);
|
len = snprintf(path, sizeof path, "%s/.libs/%s",
|
||||||
|
builddir, name);
|
||||||
else
|
else
|
||||||
snprintf(path, sizeof path, "%s/%s", LIBWESTON_MODULEDIR, name);
|
len = snprintf(path, sizeof path, "%s/%s",
|
||||||
|
LIBWESTON_MODULEDIR, name);
|
||||||
} else {
|
} else {
|
||||||
snprintf(path, sizeof path, "%s", name);
|
len = snprintf(path, sizeof path, "%s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* snprintf returns the length of the string it would've written,
|
||||||
|
* _excluding_ the NUL byte. So even being equal to the size of
|
||||||
|
* our buffer is an error here. */
|
||||||
|
if (len >= sizeof path)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
|
module = dlopen(path, RTLD_NOW | RTLD_NOLOAD);
|
||||||
if (module) {
|
if (module) {
|
||||||
weston_log("Module '%s' already loaded\n", path);
|
weston_log("Module '%s' already loaded\n", path);
|
||||||
|
|
Loading…
Reference in a new issue