[PATCH] Bug in patch of Romain: "gconfig" removed root folder...

From: oebilgen
Date: Fri Jan 16 2004 - 15:20:04 EST


Hi again,


Romain, I guess that there will be a segmentation fault because of:

strcat((char *)fn, "/");

because:

fn + strlen (fn) + 1

is not allocated for "fn" and strcat(3) may fail (may fail: It might
escape from segfault if gtk_file_selection_get_filename() has an indolent
allocation strategy for fn - like in "Vector" class of C++). It still is a
bug.

Try this. And Romain, this was my first patch (and also first bug report)
for linux-kernel, THX for your hint. I would lose too much time in order
to find store_file@xxxxxxxxxxx/scripts/kconfig/gconf.c ;)


NOTE: I combined mine and Romain's patch, *** DO NOT APPLY BOTH *** !!!

--- scripts/kconfig/gconf.c 2004-01-09 09:00:03.000000000 +0200
+++ scripts/kconfig/gconf-oebilgen_and_romain.c 2004-01-16
21:32:26.000000000 +0200
@@ -23,6 +23,9 @@
#include <unistd.h>
#include <time.h>
#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+

//#define DEBUG

@@ -643,13 +646,29 @@
store_filename(GtkFileSelection * file_selector, gpointer user_data)
{
const gchar *fn;
+ gchar trailing, *safefn;
+ struct stat sb;

fn = gtk_file_selection_get_filename(GTK_FILE_SELECTION
(user_data));

- if (conf_write(fn))
+ /* protect against 'root directory' bug */
+ trailing = fn[strlen(fn)-1];
+ if(stat(fn, &sb) == -1)
+ return;
+ if(S_ISDIR(sb.st_mode))
+ if(trailing != '/')
+ {
+ safefn = (gchar *) malloc (strlen (fn) + 2);
+ strcpy ((char *) safefn, (char *) fn);
+ strcat ((char *) safefn, "/");
+ }
+
+ if (conf_write(safefn))
text_insert_msg("Error", "Unable to save configuration !");

+ free (safefn);
+
gtk_widget_destroy(GTK_WIDGET(user_data));
}


To Doug McNaught and "viro"; running gconf as root it is not a must of
course but one couldn't be punished that hard. If you run gconf as normal
user, you still may experience this (a user friendly bug :P) by loosing
your (home) folders...


BTW, I looked to conf_write and saw that its char arrays are very
dangerous. I will hack it on monday, if possible. ("Open source groups are
like mafia; you can join but cannot leave")


THX in advance,

Comp. Eng. Ozan Eren BILGEN

TUBITAK - UEKAE (Turkey)
National Research Institute of Electronics & Cryptology
Special Projects Group
Researcher


> Hi,
>
>> Today I downloaded 2.6.1 kernel and tried to configure it with "make
>> gconfig". After all changes I selected "Save As" and clicked "/root"
>> folder to save in. Then I clicked "OK", without giving a file name. I
>> expected that it opens root folder and lists contents. But this magic
>> configurator removed (rm -Rf) my root folder and created a file named
>> "root". It was a terrible experience!..
>
> A patch against 2.6.1 which fix this problem. Please apply...
>
> Thanks, Romain
>
> ===========================[cut here]=========================diff -Naur
> linux-2.6.1/scripts/kconfig/gconf.c linux/scripts/kconfig/gconf.c
> --- linux-2.6.1/scripts/kconfig/gconf.c 2004-01-15 21:45:22.000000000
> +0100
> +++ linux/scripts/kconfig/gconf.c 2004-01-15 22:36:55.000000000 +0100
> @@ -23,6 +23,9 @@
> #include <unistd.h>
> #include <time.h>
> #include <stdlib.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +
>
> //#define DEBUG
>
> @@ -643,9 +646,18 @@
> store_filename(GtkFileSelection * file_selector, gpointer user_data)
> {
> const gchar *fn;
> + gchar trailing;
> + struct stat sb;
>
> fn = gtk_file_selection_get_filename(GTK_FILE_SELECTION
> (user_data));
> +
> + /* protect against 'root directory' bug */
> + trailing = fn[strlen(fn)-1];
> + if(stat(fn, &sb) == -1) return;
> + if(S_ISDIR(sb.st_mode))
> + if(trailing != '/')
> + strcat((char *)fn, "/");
>
> if (conf_write(fn))
> text_insert_msg("Error", "Unable to save configuration !");
>
> --
> Romain Liévin (roms): <roms@xxxxxxxxx>
> Web site: http://tilp.info
> "Linux, y'a moins bien mais c'est plus cher !"
>
>


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/