diff options
author | Miklos Szeredi <miklos@szeredi.hu> | 2010-11-03 00:25:45 -0400 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2010-11-03 00:25:45 -0400 |
commit | 0e516e0e14f2f9783a21cd1727bc53776341f857 (patch) | |
tree | c81aa2f560e7894c57076cb04ff5313cba156c5e /sysdeps/unix/sysv | |
parent | 0e012e8734d454f85bb1e3a50167dd61000b6ce4 (diff) | |
download | glibc-0e516e0e14f2f9783a21cd1727bc53776341f857.tar.gz glibc-0e516e0e14f2f9783a21cd1727bc53776341f857.tar.xz glibc-0e516e0e14f2f9783a21cd1727bc53776341f857.zip |
Verify in ttyname() that the symlink is valid.
Diffstat (limited to 'sysdeps/unix/sysv')
-rw-r--r-- | sysdeps/unix/sysv/linux/ttyname.c | 33 | ||||
-rw-r--r-- | sysdeps/unix/sysv/linux/ttyname_r.c | 32 |
2 files changed, 55 insertions, 10 deletions
diff --git a/sysdeps/unix/sysv/linux/ttyname.c b/sysdeps/unix/sysv/linux/ttyname.c index 69af6adc65..6cec3a9013 100644 --- a/sysdeps/unix/sysv/linux/ttyname.c +++ b/sysdeps/unix/sysv/linux/ttyname.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1991,92,93,1996-2002,2006,2009 Free Software Foundation, Inc. +/* Copyright (C) 1991-1993,1996-2002,2006,2009,2010 + Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -131,6 +132,9 @@ ttyname (int fd) if (__builtin_expect (__tcgetattr (fd, &term) < 0, 0)) return NULL; + if (__fxstat64 (_STAT_VER, fd, &st) < 0) + return NULL; + /* We try using the /proc filesystem. */ *_fitoa_word (fd, __stpcpy (procname, "/proc/self/fd/"), 10, 0) = '\0'; @@ -161,13 +165,32 @@ ttyname (int fd) { if ((size_t) len >= buflen) return NULL; + +#define UNREACHABLE_LEN strlen ("(unreachable)") + if (len > UNREACHABLE_LEN + && memcmp (ttyname_buf, "(unreachable)", UNREACHABLE_LEN) == 0) + { + memmove (ttyname_buf, ttyname_buf + UNREACHABLE_LEN, + len - UNREACHABLE_LEN); + len -= UNREACHABLE_LEN; + } + /* readlink need not terminate the string. */ ttyname_buf[len] = '\0'; - return ttyname_buf; - } - if (__fxstat64 (_STAT_VER, fd, &st) < 0) - return NULL; + /* Verify readlink result, fall back on iterating through devices. */ + if (ttyname_buf[0] == '/' + && __xstat64 (_STAT_VER, ttyname_buf, &st1) == 0 +#ifdef _STATBUF_ST_RDEV + && S_ISCHR (st1.st_mode) + && st1.st_rdev == st.st_rdev +#else + && st1.st_ino == st.st_ino + && st1.st_dev == st.st_dev +#endif + ) + return ttyname_buf; + } if (__xstat64 (_STAT_VER, "/dev/pts", &st1) == 0 && S_ISDIR (st1.st_mode)) { diff --git a/sysdeps/unix/sysv/linux/ttyname_r.c b/sysdeps/unix/sysv/linux/ttyname_r.c index cef8624dc6..2fa7503471 100644 --- a/sysdeps/unix/sysv/linux/ttyname_r.c +++ b/sysdeps/unix/sysv/linux/ttyname_r.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1991,92,93,1995-2001,2003,2006 Free Software Foundation, Inc. +/* Copyright (C) 1991-1993,1995-2001,2003,2006,2010 + Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -122,6 +123,9 @@ __ttyname_r (int fd, char *buf, size_t buflen) if (__builtin_expect (__tcgetattr (fd, &term) < 0, 0)) return errno; + if (__fxstat64 (_STAT_VER, fd, &st) < 0) + return errno; + /* We try using the /proc filesystem. */ *_fitoa_word (fd, __stpcpy (procname, "/proc/self/fd/"), 10, 0) = '\0'; @@ -145,12 +149,30 @@ __ttyname_r (int fd, char *buf, size_t buflen) #endif , 1)) { +#define UNREACHABLE_LEN strlen ("(unreachable)") + if (ret > UNREACHABLE_LEN + && memcmp (buf, "(unreachable)", UNREACHABLE_LEN) == 0) + { + memmove (buf, buf + UNREACHABLE_LEN, ret - UNREACHABLE_LEN); + ret -= UNREACHABLE_LEN; + } + + /* readlink need not terminate the string. */ buf[ret] = '\0'; - return 0; - } - if (__fxstat64 (_STAT_VER, fd, &st) < 0) - return errno; + /* Verify readlink result, fall back on iterating through devices. */ + if (buf[0] == '/' + && __xstat64 (_STAT_VER, buf, &st1) == 0 +#ifdef _STATBUF_ST_RDEV + && S_ISCHR (st1.st_mode) + && st1.st_rdev == st.st_rdev +#else + && st1.st_ino == st.st_ino + && st1.st_dev == st.st_dev +#endif + ) + return 0; + } /* Prepare the result buffer. */ memcpy (buf, "/dev/pts/", sizeof ("/dev/pts/")); |