[PATCH 6/8] run_test: prevent buffer overflow

Michael Santos <>
Sat Oct 2 01:56:34 CEST 2010


Truncate buffers used to hold command line arguments.
---
 erts/etc/common/Makefile.in |    2 +-
 erts/etc/common/run_test.c  |   19 +++++++++++++------
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/erts/etc/common/Makefile.in b/erts/etc/common/Makefile.in
index 7f502b2..a965ac2 100644
--- a/erts/etc/common/Makefile.in
+++ b/erts/etc/common/Makefile.in
@@ -351,7 +351,7 @@ $(OBJDIR)/escript.o: escript.c
 	$(CC) $(CFLAGS) -o $@ -c escript.c
 
 $(BINDIR)/@: $(OBJDIR)/run_test.o
-	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/run_test.o -L$(OBJDIR) $(LIBS)
+	$(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/run_test.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
 
 $(OBJDIR)/run_test.o: run_test.c
 	$(CC) $(CFLAGS) -o $@ -c run_test.c
diff --git a/erts/etc/common/run_test.c b/erts/etc/common/run_test.c
index 016d9c6..042b857 100644
--- a/erts/etc/common/run_test.c
+++ b/erts/etc/common/run_test.c
@@ -164,11 +164,13 @@ main(int argc, char** argv)
 	    erl_args = cnt;
 	}
 	else if (strcmp(argv[1], "-sname") == 0) {
-	    strcpy(nodename, argv[2]);
+	    strncpy(nodename, argv[2], sizeof(nodename));
+	    nodename[sizeof(nodename)-1] = '\0';
 	    cnt++, argv++;
 	}
 	else if (strcmp(argv[1], "-name") == 0) {
-	    strcpy(nodename, argv[2]);
+	    strncpy(nodename, argv[2], sizeof(nodename));
+	    nodename[sizeof(nodename)-1] = '\0';
 	    dist_mode = FULL_NAME;
 	    cnt++, argv++;
 	}
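Review bot: The `-sname` and `-name` branches now silently truncate an over-long `argv[2]`, so the node would start under a different name than the one requested. Rejecting the argument is safer than truncating, e.g. `if (strlen(argv[2]) >= sizeof(nodename)) error("node name too long");` before the copy. The same applies to the `-browser` and `-ctname` copies in the next two hunks. None of these branches visibly checks that `argv[2]` exists; if the enclosing loop (outside the hunk) does not guarantee it, `strncpy` is handed a NULL pointer when the option is the last argument. The body of `main` starts and ends outside the hunk.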
@@ -178,7 +180,8 @@ main(int argc, char** argv)
 		    ct_mode = VTS_MODE;
 		}
 		else if (strcmp(argv[1], "-browser") == 0) {
-		    strcpy(browser, argv[2]);
+		    strncpy(browser, argv[2], sizeof(browser));
+		    browser[sizeof(browser)-1] = '\0';
 		    cnt++, argv++;
 		}
 		else if (strcmp(argv[1], "-shell") == 0) {
@@ -189,7 +192,8 @@ main(int argc, char** argv)
 		    ct_mode = MASTER_MODE;
 		}
 		else if (strcmp(argv[1], "-ctname") == 0) {
-		    strcpy(nodename, argv[2]);
+		    strncpy(nodename, argv[2], sizeof(nodename));
+		    nodename[sizeof(nodename)-1] = '\0';
 		    ct_mode = ERL_SHELL_MODE;
 		    cnt++, argv++;
 		}
@@ -273,7 +277,7 @@ main(int argc, char** argv)
 static void
 push_words(char* src)
 {
-    char sbuf[1024];
+    char sbuf[MAXPATHLEN];
     char* dst;
 
     dst = sbuf;
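Review bot: Resizing `sbuf` to `MAXPATHLEN` changes the capacity but adds no bound on the writes through `dst`, which happen outside this hunk. If that loop still copies until the end of `src`, a longer input overflows the stack buffer exactly as before. On a platform where `MAXPATHLEN` is below 1024, the buffer also becomes smaller than it was. I would stop the copy at `sbuf + sizeof(sbuf) - 1` inside the loop, or, if every caller already guarantees the length, say so with a comment such as `/* callers pass at most MAXPATHLEN-1 bytes */`.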
@@ -405,7 +409,7 @@ error(char* format, ...)
     va_list ap;
 
     va_start(ap, format);
-    vsprintf(sbuf, format, ap);
+    erts_vsnprintf(sbuf, sizeof(sbuf), format, ap);
     va_end(ap);
     fprintf(stderr, "run_test: %s\n", sbuf);
     exit(1);
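Review bot: The intermediate `sbuf` is not needed in `error()`; formatting straight to stderr removes the fixed-size buffer altogether. It would also drop the `$(ERTS_INTERNAL_LIBS)` link dependency that this patch adds in Makefile.in, presumably for `erts_vsnprintf`. The bounded call and the `fprintf` after it could become `fprintf(stderr, "run_test: "); vfprintf(stderr, format, ap); fprintf(stderr, "\n");`. As written, a message longer than `sbuf` (declared outside the hunk) is cut off with no indication, which is tolerable for a fatal message but worth a one-line comment.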
@@ -434,6 +438,9 @@ get_default_emulator(char* progname)
     char sbuf[MAXPATHLEN];
     char* s;
 
+    if (strlen(progname) >= sizeof(sbuf))
+        return ERL_NAME;
+
     strcpy(sbuf, progname);
     for (s = sbuf+strlen(sbuf); s >= sbuf; s--) {
 	if (IS_DIRSEP(*s)) {
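Review bot: The new guard in `get_default_emulator` returns `ERL_NAME` for an over-long `progname` without reporting it, so the emulator name is then presumably the default rather than one derived from the path the program was started with. A comment on the guard would make the intent explicit, e.g. `/* progname does not fit in sbuf: fall back to the default emulator name */`. If a silent fallback is not intended, calling `error()` here would match how the file handles other fatal conditions. The guard does make the `strcpy` that follows safe, and the function continues past the end of the hunk.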
-- 
1.7.0.4


