From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail-lj1-x243.google.com ([2a00:1450:4864:20::243]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hiFa7-0000cZ-TE for barebox@lists.infradead.org; Tue, 02 Jul 2019 10:00:13 +0000 Received: by mail-lj1-x243.google.com with SMTP id x25so16280089ljh.2 for ; Tue, 02 Jul 2019 03:00:10 -0700 (PDT) From: Antony Pavlov Date: Tue, 2 Jul 2019 12:59:59 +0300 Message-Id: <20190702100001.28530-2-antonynpavlov@gmail.com> In-Reply-To: <20190702100001.28530-1-antonynpavlov@gmail.com> References: <20190702100001.28530-1-antonynpavlov@gmail.com> MIME-Version: 1.0 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "barebox" Errors-To: barebox-bounces+u.kleine-koenig=pengutronix.de@lists.infradead.org Subject: [PATCH 1/3] sandbox: prevent segfault in tap_alloc() To: barebox@lists.infradead.org Tap network interface initialization in sandbox barebox leads to segfault under Debian Buster/Sid. The problem is that strcpy(dev, ifr.ifr_name) inside tap_alloc() tries to alter read-only data passed by tap_probe() and barebox receives SIGSEGV. Nobody uses network interface name returned by tap_alloc() so we can drop this strcpy(). Signed-off-by: Antony Pavlov --- arch/sandbox/mach-sandbox/include/mach/linux.h | 2 +- arch/sandbox/os/tap.c | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/sandbox/mach-sandbox/include/mach/linux.h b/arch/sandbox/mach-sandbox/include/mach/linux.h index 52360f8771..7d0ed55735 100644 --- a/arch/sandbox/mach-sandbox/include/mach/linux.h +++ b/arch/sandbox/mach-sandbox/include/mach/linux.h @@ -8,7 +8,7 @@ int sandbox_add_device(struct device_d *dev); struct fb_bitfield; int linux_register_device(const char *name, void *start, void *end); -int tap_alloc(char *dev); +int tap_alloc(const char *dev); uint64_t linux_get_time(void); int linux_read(int fd, void *buf, size_t count); int linux_read_nonblock(int fd, void *buf, size_t count); diff --git a/arch/sandbox/os/tap.c b/arch/sandbox/os/tap.c index 0e29e8e8ad..3a29a4be64 100644 --- a/arch/sandbox/os/tap.c +++ b/arch/sandbox/os/tap.c @@ -28,7 +28,7 @@ #include #include -int tap_alloc(char *dev) +int tap_alloc(const char *dev) { struct ifreq ifr; int fd, err; @@ -55,7 +55,6 @@ int tap_alloc(char *dev) return err; } - strcpy(dev, ifr.ifr_name); return fd; } -- 2.20.1 _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox