This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH] ptsname_r: don't leak unitialized memory
- From: Aurelien Jarno <aurelien at aurel32 dot net>
- To: libc-alpha at sourceware dot org
- Cc: Aurelien Jarno <aurelien at aurel32 dot net>
- Date: Mon, 5 May 2014 15:00:07 +0200
- Subject: [PATCH] ptsname_r: don't leak unitialized memory
- Authentication-results: sourceware.org; auth=none
If the fd refers to a terminal device, but not a pty master, the
TIOCGPTN ioctl returns with ENOTTY. This error is not caught, and the
possibly undefined buffer passed to ptsname_r is sent directly to the
stat64 syscall.
Fix this by using a fallback to the old method only if the TIOCGPTN
ioctl fails with EINVAL. This also fix the return value in that specific
case (it return ENOENT without this patch).
Note: this is Debian bug#741482, reported by Jakub Wilk <jwilk@debian.org>
---
ChangeLog | 6 ++++++
sysdeps/unix/sysv/linux/ptsname.c | 4 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index ac0d69e..cda0e7c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-05-05 Aurelien Jarno <aurelien@aurel32.net>
+
+ * sysdeps/unix/sysv/linux/ptsname.c (__ptsname_internal): return
+ errno if the TIOCGPTN ioctl fails with an error different than
+ EINVAL.
+
2014-05-04 Adam Conrad <adconrad@0c3.net>
* locale/iso-4217.def: Reintroduce XDR currency.
diff --git a/sysdeps/unix/sysv/linux/ptsname.c b/sysdeps/unix/sysv/linux/ptsname.c
index ed39f8f..3fc14a7 100644
--- a/sysdeps/unix/sysv/linux/ptsname.c
+++ b/sysdeps/unix/sysv/linux/ptsname.c
@@ -105,7 +105,9 @@ __ptsname_internal (int fd, char *buf, size_t buflen, struct stat64 *stp)
memcpy (__stpcpy (buf, devpts), p, &numbuf[sizeof (numbuf)] - p);
}
- else if (errno == EINVAL)
+ else if (errno != EINVAL)
+ return errno;
+ else
#endif
{
char *p;
--
2.0.0.rc0