115669 2005-12-15 09:07 0000 possible buffer overflow in hwsetup 2005-12-20 14:27:23 0000 1 1 1 Unclassified Gentoo Linux Applications unspecified x86 Linux RESOLVED FIXED P2 normal --- 1 pharon@gmail.com livecd@gentoo.org pharon@gmail.com 2005-12-15 09:07:52 0000 I submitted a patch to implement dynamic blacklist generation in hwsetup using /etc/hotplug/blacklist to prevent loading of misbehaving drivers from being loaded. But if the file has more than 200 module names hwsetup will segfault. I attatch a patch to add primitive bounds checking and reduce the memory footprint of the function. The coding is horrible maybe, can someone else who knows better can rewrite it using malloc and realloc? Reproducible: Always Steps to Reproduce: 1.emerge hwsetup 2.fill up /etc/hotplug/blacklist with more than 200 module names 3.run hwsetup 3.segfault Actual Results: Segfault Expected Results: Doesn't segfault The bug description on my blog http://www.phaeronix.net/node/74 with the patch http://phaeronix.net/files/hwsetup-1.1-dyn_blacklist_bounds_check.patch.txt pharon@gmail.com 2005-12-15 11:17:23 0000 Created an attachment (id=74814) patch to fix the segfault this is primitive bounds checking. Someone with better skills could make this using array of pointers to strings and use malloc and realloc, but I am too lazy. wolf31o2@gentoo.org 2005-12-16 08:16:30 0000 Thanks for the patch... currently my machines are down so I can't get this done until after I get back power. I had gotten your email, but haven't had much time to do anything with the local ice storms. pharon@gmail.com 2005-12-16 14:21:14 0000 no problem beware of the frost bite :) wolf31o2@gentoo.org 2005-12-20 14:27:23 0000 Fixed in CVS... 74814 2005-12-15 11:17 0000 patch to fix the segfault hwsetup-1.1-dyn_blacklist_bounds_check.patch text/plain LS0tIGh3c2V0dXAtMS4xL2h3c2V0dXAuYwkyMDA1LTEyLTE1IDE1OjA3OjIxLjE1MDgyMTAwMCAr MDIwMAorKysgaHdzZXR1cC0xLjEtcGF0Y2hlZC9od3NldHVwLmMJMjAwNS0xMi0xNSAxNTowNzo0 Ni40NDg0MDIwMDAgKzAyMDAKQEAgLTQzLDcgKzQzLDcgQEAKIC8qIERvIG5vdCwgdW5kZXIgYW55 IGNpcmN1bXN0YW5jZXMsIGxvYWQgdGhlc2UgbW9kdWxlcyBhdXRvbWF0aWNhbGx5LCAqLwogLyog ZXZlbiBpZiBpbiBwY2l0YWJsZS4gKGxpYmt1ZHp1IG1heSBpZ25vcmUgdGhpcywgYW5kIHRoZSBL Tk9QUElYICAgICovCiAvKiBhdXRvY29uZmlnIHNjcmlwdHMgbWF5IHByb2JlIHRoZW0sIHRvbykg ICovCi1jaGFyIGJsYWNrbGlzdFsyMDBdWzEwMjRdID0KK2NoYXIgYmxhY2tsaXN0WzIwMF1bMjAw XSA9CiB7ICJhcG0iLCJhZ3BnYXJ0IiwieWVudGFfc29ja2V0IiwiaTgyMDkyIiwiaTgyMzY1Iiwi dGNpYyIsCiAgICJwY21jaWFfY29yZSIsImRzIiwib2hjaTEzOTQiLCJoaXNheCIsCiAgIC8qIFdp bm1vZGVtcywgdW51c2FibGUsIGNhbiBibG9jayBzb3VuZCBzbG90ICovCkBAIC03MCw2ICs3MCw3 IEBACiAJCQkJCQlzdHJjYXQgKG1vZHVsZSAsICIgXDAiKTsKIAkJCQkJCXN0cmNweShibGFja2xp c3Rbbl0gLCBtb2R1bGUpOwogCQkJCQkJbisrOworCQkJCQkJaWYgKCBuID09IDIwMCApIGJyZWFr OwogCQkJCQkJLy9wcmludGYobW9kdWxlKTsKIAkJCQl9CiAJCQkJYmxhY2tsaXN0c2l6ZSA9IG47 Cg==