Commit 09a61e89 authored by Breno Leitao's avatar Breno Leitao Committed by Michael Ellerman

selftests/powerpc: Fix strncpy usage

There is a buffer overflow in dscr_inherit_test.c test. In main(), strncpy()'s
third argument is the length of the source, not the size of the destination
buffer, which makes strncpy() behaves like strcpy(), causing a buffer overflow
if argv[0] is bigger than LEN_MAX (100).

This patch maps 'prog' to the argv[0] memory region, removing the static
allocation and the LEN_MAX size restriction.
Signed-off-by: default avatarBreno Leitao <leitao@debian.org>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
parent f3988ca4
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
*/ */
#include "dscr.h" #include "dscr.h"
static char prog[LEN_MAX]; static char *prog;
static void do_exec(unsigned long parent_dscr) static void do_exec(unsigned long parent_dscr)
{ {
...@@ -104,6 +104,6 @@ int main(int argc, char *argv[]) ...@@ -104,6 +104,6 @@ int main(int argc, char *argv[])
exit(1); exit(1);
} }
strncpy(prog, argv[0], strlen(argv[0])); prog = argv[0];
return test_harness(dscr_inherit_exec, "dscr_inherit_exec_test"); return test_harness(dscr_inherit_exec, "dscr_inherit_exec_test");
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment