diff options
| author | dsmith <dsmith> | 2008-02-21 16:29:41 +0000 |
|---|---|---|
| committer | dsmith <dsmith> | 2008-02-21 16:29:41 +0000 |
| commit | cc33b36c56dfc5b649671d4dc06490929c5d1df1 (patch) | |
| tree | 054711b4b1f39ed3a7f5a53cec740b50489c41cf /runtime/staprun/staprun_funcs.c | |
| parent | 8e10e64985a759bb285ecb5ec14c4ad6e5c9aaa1 (diff) | |
| download | systemtap-steved-cc33b36c56dfc5b649671d4dc06490929c5d1df1.tar.gz systemtap-steved-cc33b36c56dfc5b649671d4dc06490929c5d1df1.tar.xz systemtap-steved-cc33b36c56dfc5b649671d4dc06490929c5d1df1.zip | |
2008-02-21 David Smith <dsmith@redhat.com>
* staprun_funcs.c (check_path): Small security fix.
Diffstat (limited to 'runtime/staprun/staprun_funcs.c')
| -rw-r--r-- | runtime/staprun/staprun_funcs.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 3a678405..34e12c25 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -277,10 +277,20 @@ check_path(void) /* Use realpath() to canonicalize the module path. */ if (realpath(modpath, module_realpath) == NULL) { - perr("Unable to canonicalize path \"%s\"",modpath); + perr("Unable to canonicalize path \"%s\"", modpath); return -1; } + /* To make sure the user can't specify something like + * /lib/modules/`uname -r`/systemtapmod.ko, put a '/' on the + * end of staplib_dir_realpath. */ + if (strlen(staplib_dir_realpath) < (PATH_MAX - 1)) + strcat(staplib_dir_realpath, "/"); + else { + err("Path \"%s\" is too long.", modpath); + return -1; + } + /* Now we've got two canonicalized paths. Make sure * module_realpath starts with staplib_dir_realpath. */ if (strncmp(staplib_dir_realpath, module_realpath, |