[scarthgap,12/18] makedevs: Fix matching uid/gid

Message ID	865b7149da5dd6301c1d9805a1e7bac8dcac82a9.1729018153.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.170, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 12/18] makedevs: Fix matching uid/gid Date: Tue, 15 Oct 2024 11:50:48 -0700 Message-Id: <865b7149da5dd6301c1d9805a1e7bac8dcac82a9.1729018153.git.steve@sakoman.com> In-Reply-To: <cover.1729018153.git.steve@sakoman.com> References: <cover.1729018153.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/18] rust: ignore CVE-2024-43402 \| expand [scarthgap,01/18] rust: ignore CVE-2024-43402 [scarthgap,02/18] cups: Backport fix for CVE-2024-47175 [scarthgap,03/18] libarchive: fix CVE-2024-48957 & CVE-2024-48958 [scarthgap,04/18] linux-firmware: upgrade 20240312 -> 20240909 [scarthgap,05/18] ruby: upgrade 3.2.2 -> 3.3.5 [scarthgap,06/18] ptest-runner: Update 2.4.4 -> 2.4.5 [scarthgap,07/18] sysvinit: take release tarballs from github [scarthgap,08/18] libpcre2: Update base uri PhilipHazel -> PCRE2Project [scarthgap,09/18] license: Fix directory layout issues [scarthgap,10/18] virglrenderer: Add patch to fix -int-conversion build issue [scarthgap,11/18] lib/oe/package-manager: skip processing installed-pkgs with empty globs [scarthgap,12/18] makedevs: Fix matching uid/gid [scarthgap,13/18] runqemu: Fix detection of -serial parameter [scarthgap,14/18] uboot-sign: fix counters in do_uboot_assemble_fitimage [scarthgap,15/18] recipes-bsp: usbutils: Fix usb-devices command using busybox [scarthgap,16/18] libsdl2: Fix non-deterministic configure option for libsamplerate [scarthgap,17/18] image_qa: fix error handling [scarthgap,18/18] meta-ide-support: Mark recipe as MACHINE-specific

Message ID

865b7149da5dd6301c1d9805a1e7bac8dcac82a9.1729018153.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 12/18] makedevs: Fix matching uid/gid
Date: Tue, 15 Oct 2024 11:50:48 -0700
Message-Id: 
 <865b7149da5dd6301c1d9805a1e7bac8dcac82a9.1729018153.git.steve@sakoman.com>
In-Reply-To: <cover.1729018153.git.steve@sakoman.com>
References: <cover.1729018153.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/18] rust: ignore CVE-2024-43402 | expand

Commit Message

Steve Sakoman Oct. 15, 2024, 6:50 p.m. UTC

From: Jaeyoon Jung <jaeyoon.jung@lge.com>

Correct the length to compare in convert2guid() to fix an issue where it
ends up with returning a wrong id that matches partially. Also fix the
length of usr_buf and grp_buf in interpret_table_entry() which are used
as arguments of convert2guid().

Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ca9d193a21e6b8669c4da1a68cd5e0791bb80a4b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/makedevs/makedevs/makedevs.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta/recipes-devtools/makedevs/makedevs/makedevs.c b/meta/recipes-devtools/makedevs/makedevs/makedevs.c
index 2254b54891..411a669153 100644
--- a/meta/recipes-devtools/makedevs/makedevs/makedevs.c
+++ b/meta/recipes-devtools/makedevs/makedevs/makedevs.c
@@ -202,7 +202,7 @@  static unsigned long convert2guid(char *id_buf, struct name_id *search_list)
 		// Check for bad user/group name
 		node = search_list;
 		while (node != NULL) {
-			if (!strncmp(node->name, id_buf, strlen(id_buf))) {
+			if (!strncmp(node->name, id_buf, MAX_ID_LEN)) {
 				fprintf(stderr, "WARNING: Bad user/group name %s detected\n", id_buf);
 				break;
 			}
@@ -212,7 +212,7 @@  static unsigned long convert2guid(char *id_buf, struct name_id *search_list)
 	} else {
 		node = search_list;
 		while (node != NULL) {
-			if (!strncmp(node->name, id_buf, strlen(id_buf)))
+			if (!strncmp(node->name, id_buf, MAX_ID_LEN))
 				return node->id;
 			node = node->next;
 		}
@@ -362,13 +362,13 @@  static void add_new_fifo(char *name, char *path, unsigned long uid,
 static int interpret_table_entry(char *line)
 {
 	char *name;
-	char usr_buf[MAX_ID_LEN];
-	char grp_buf[MAX_ID_LEN];
-	char path[4096], type;
+	char usr_buf[MAX_ID_LEN+1];
+	char grp_buf[MAX_ID_LEN+1];
+	char path[PATH_MAX], type;
 	unsigned long mode = 0755, uid = 0, gid = 0, major = 0, minor = 0;
 	unsigned long start = 0, increment = 1, count = 0;
 
-	if (0 > sscanf(line, "%4095s %c %lo %39s %39s %lu %lu %lu %lu %lu", path,
+	if (0 > sscanf(line, "%4095s %c %lo %40s %40s %lu %lu %lu %lu %lu", path,
 		    &type, &mode, usr_buf, grp_buf, &major, &minor, &start,
 		    &increment, &count))
 	{

[scarthgap,12/18] makedevs: Fix matching uid/gid

Commit Message

Patch