mailing list of musl libc
 help / color / mirror / code / Atom feed
* [musl] [PATCH v2] fix: Truncate the too-long mntent in function getmntent_r
@ 2021-10-15 12:20 Kaihang Zhang
  2021-12-01 12:33 ` [musl] " Kaihang Zhang
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Kaihang Zhang @ 2021-10-15 12:20 UTC (permalink / raw)
  To: musl, 2010267516; +Cc: Kaihang Zhang

In function getmntent_r in source misc/mntent.c, entry that is too long
will be truncated rather than discarded. The caller can tell by errno
whether the supplied buffer is too small, and retry from the beginning
of the file.
---
 src/misc/mntent.c | 53 +++++++++++++++++++++++++++++------------------
 1 file changed, 33 insertions(+), 20 deletions(-)

diff --git a/src/misc/mntent.c b/src/misc/mntent.c
index eabb8200..085ce45d 100644
--- a/src/misc/mntent.c
+++ b/src/misc/mntent.c
@@ -21,12 +21,12 @@ int endmntent(FILE *f)
 
 struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int buflen)
 {
-	int cnt, n[8], use_internal = (linebuf == SENTINEL);
-
-	mnt->mnt_freq = 0;
-	mnt->mnt_passno = 0;
+	int use_internal = (linebuf == SENTINEL);
+	char *sub;
 
 	do {
+		char *end_ptr;
+
 		if (use_internal) {
 			getline(&internal_buf, &internal_bufsize, f);
 			linebuf = internal_buf;
@@ -34,25 +34,38 @@ struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int bufle
 			fgets(linebuf, buflen, f);
 		}
 		if (feof(f) || ferror(f)) return 0;
-		if (!strchr(linebuf, '\n')) {
+
+		end_ptr = strchr(linebuf, '\n');
+		if (end_ptr != NULL) {
+			while ((end_ptr[-1] == ' ' || end_ptr[-1] == '\t') && end_ptr != linebuf) end_ptr--;
+			*end_ptr = '\0';
+		} else {
 			fscanf(f, "%*[^\n]%*[\n]");
 			errno = ERANGE;
-			return 0;
 		}
-		cnt = sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d",
-			n, n+1, n+2, n+3, n+4, n+5, n+6, n+7,
-			&mnt->mnt_freq, &mnt->mnt_passno);
-	} while (cnt < 2 || linebuf[n[0]] == '#');
-
-	linebuf[n[1]] = 0;
-	linebuf[n[3]] = 0;
-	linebuf[n[5]] = 0;
-	linebuf[n[7]] = 0;
-
-	mnt->mnt_fsname = linebuf+n[0];
-	mnt->mnt_dir = linebuf+n[2];
-	mnt->mnt_type = linebuf+n[4];
-	mnt->mnt_opts = linebuf+n[6];
+
+		linebuf += strspn(linebuf, " \t");
+	} while (linebuf[0] == '\0' || linebuf[0] == '#');
+
+	mnt->mnt_fsname = strsep(&linebuf, " \t");
+
+	if (linebuf) linebuf += strspn(linebuf, " \t");
+	sub = strsep(&linebuf, " \t");
+	mnt->mnt_dir = sub ? sub : (char *) "";
+
+	if (linebuf) linebuf += strspn(linebuf, " \t");
+	sub = strsep (&linebuf, " \t");
+	mnt->mnt_type = sub ? sub : (char *) "";
+
+	if (linebuf) linebuf += strspn(linebuf, " \t");
+	sub = strsep(&linebuf, " \t");
+	mnt->mnt_opts = sub ? sub : (char *) "";
+
+	switch (linebuf ? sscanf(linebuf, " %d %d", &mnt->mnt_freq, &mnt->mnt_passno) : 0) {
+	case 0: mnt->mnt_freq = 0;
+	case 1: mnt->mnt_passno = 0;
+	case 2: break;
+	}
 
 	return mnt;
 }
-- 
2.25.4


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-01-18 10:18 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-15 12:20 [musl] [PATCH v2] fix: Truncate the too-long mntent in function getmntent_r Kaihang Zhang
2021-12-01 12:33 ` [musl] " Kaihang Zhang
2021-12-01 15:24 ` [musl] " Rich Felker
2022-01-09  3:12 ` Rich Felker
2022-01-18 10:17   ` Kaihang Zhang

Code repositories for project(s) associated with this inbox:

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).