X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=daemon%2Fsfdisk.c;h=8a5a46b08b772bdbe070c23a488554053fafe441;hb=4556fd64a8e236ec041cc00ed9687ef9bd455812;hp=f512e26b1b52191d0a2c512defd171ddd8e8b7b9;hpb=a7b73d4a1e09f12b2002083618056f0c823c1dcf;p=libguestfs.git

diff --git a/daemon/sfdisk.c b/daemon/sfdisk.c
index f512e26..8a5a46b 100644
--- a/daemon/sfdisk.c
+++ b/daemon/sfdisk.c
@@ -30,16 +30,14 @@
 #include "actions.h"
 
 static int
-sfdisk (char *device, int n, int cyls, int heads, int sectors,
-	const char *extra_flag,
-	char * const* const lines)
+sfdisk (const char *device, int n, int cyls, int heads, int sectors,
+        const char *extra_flag,
+        char * const* const lines)
 {
   FILE *fp;
   char buf[256];
   int i;
 
-  IS_DEVICE (device, -1);
-
   strcpy (buf, "/sbin/sfdisk");
 
   if (n > 0)
@@ -50,10 +48,23 @@ sfdisk (char *device, int n, int cyls, int heads, int sectors,
     sprintf (buf + strlen (buf), " -H %d", heads);
   if (sectors)
     sprintf (buf + strlen (buf), " -S %d", sectors);
-  if (extra_flag)
+
+  /* The above are all guaranteed to fit in the fixed-size buffer.
+     However, extra_flag and device have no restrictions,
+     so we must check.  */
+
+  if (extra_flag) {
+    if (strlen (buf) + 1 + strlen (extra_flag) >= sizeof buf) {
+      reply_with_error ("internal buffer overflow: sfdisk extra_flag too long");
+      return -1;
+    }
     sprintf (buf + strlen (buf), " %s", extra_flag);
+  }
 
-  /* Safe because of IS_DEVICE above: */
+  if (strlen (buf) + 1 + strlen (device) >= sizeof buf) {
+    reply_with_error ("internal buffer overflow: sfdisk device name too long");
+    return -1;
+  }
   sprintf (buf + strlen (buf), " %s", device);
 
   if (verbose)
@@ -84,15 +95,15 @@ sfdisk (char *device, int n, int cyls, int heads, int sectors,
 }
 
 int
-do_sfdisk (char *device, int cyls, int heads, int sectors,
-	   char **lines)
+do_sfdisk (const char *device, int cyls, int heads, int sectors,
+           char **lines)
 {
   return sfdisk (device, 0, cyls, heads, sectors, NULL, lines);
 }
 
 int
-do_sfdisk_N (char *device, int n, int cyls, int heads, int sectors,
-	     char *line)
+do_sfdisk_N (const char *device, int n, int cyls, int heads, int sectors,
+             const char *line)
 {
   const char *lines[2] = { line, NULL };
 
@@ -100,19 +111,17 @@ do_sfdisk_N (char *device, int n, int cyls, int heads, int sectors,
 }
 
 int
-do_sfdiskM (char *device, char **lines)
+do_sfdiskM (const char *device, char **lines)
 {
   return sfdisk (device, 0, 0, 0, 0, "-uM", lines);
 }
 
 static char *
-sfdisk_flag (char *device, const char *flag)
+sfdisk_flag (const char *device, const char *flag)
 {
   char *out, *err;
   int r;
 
-  IS_DEVICE (device, NULL);
-
   r = command (&out, &err, "/sbin/sfdisk", flag, device, NULL);
   if (r == -1) {
     reply_with_error ("sfdisk: %s: %s", device, err);
@@ -129,19 +138,19 @@ sfdisk_flag (char *device, const char *flag)
 }
 
 char *
-do_sfdisk_l (char *device)
+do_sfdisk_l (const char *device)
 {
   return sfdisk_flag (device, "-l");
 }
 
 char *
-do_sfdisk_kernel_geometry (char *device)
+do_sfdisk_kernel_geometry (const char *device)
 {
   return sfdisk_flag (device, "-g");
 }
 
 char *
-do_sfdisk_disk_geometry (char *device)
+do_sfdisk_disk_geometry (const char *device)
 {
   return sfdisk_flag (device, "-G");
 }