• M
    gen_init_cpio: avoid NULL pointer dereference and rework env expanding · c725ee54
    Michal Nazarewicz 提交于
    getenv() may return NULL if given environment variable does not exist
    which leads to NULL dereference when calling strncat.
    
    Besides that, the environment variable name was copied to a temporary
    env_var buffer, but this copying can be avoided by simply using the input
    string.
    
    Lastly, the whole loop can be greatly simplified by using the snprintf
    function instead of the playing with strncat.
    
     By the way, the current implementation allows a recursive variable
     expansion, as in:
    
       $ echo 'out ${A} out ' | A='a ${B} a' B=b /tmp/a
       out a b a out
    
     I'm assuming this is just a side effect and not a conscious decision
     (especially as this may lead to infinite loop), but I didn't want to
     change this behaviour without consulting.
    
     If the current behaviour is deamed incorrect, I'll be happy to send
     a patch without recursive processing.
    Signed-off-by: NMichal Nazarewicz <mina86@mina86.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Jiri Kosina <jkosina@suse.cz>
    Cc: Jesper Juhl <jj@codesealer.com>
    Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
    c725ee54
gen_init_cpio.c 12.7 KB
反馈
建议
客服 返回
顶部