X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=daemon%2Fsfdisk.c;h=20d7dc82d640c867284d5b69ed9d2af165b0c317;hp=1ec0c859b61b9eb80e453f3d58b85f2fe258feb8;hb=43eed091129212dd29996838cf1d76af0f8fc135;hpb=84fc760439e82e6b3616abd0d1f9bd7d7eb01ec0

diff --git a/daemon/sfdisk.c b/daemon/sfdisk.c
index 1ec0c85..20d7dc8 100644
--- a/daemon/sfdisk.c
+++ b/daemon/sfdisk.c
@@ -32,13 +32,13 @@
 static int
 sfdisk (const char *device, int n, int cyls, int heads, int sectors,
         const char *extra_flag,
-        char * const* const lines)
+        char *const *lines)
 {
   FILE *fp;
   char buf[256];
   int i;
 
-  strcpy (buf, "/sbin/sfdisk");
+  strcpy (buf, "sfdisk");
 
   if (n > 0)
     sprintf (buf + strlen (buf), " -N %d", n);
@@ -48,10 +48,23 @@ sfdisk (const char *device, int n, int cyls, int heads, int sectors,
     sprintf (buf + strlen (buf), " -H %d", heads);
   if (sectors)
     sprintf (buf + strlen (buf), " -S %d", sectors);
-  if (extra_flag)
+
+  /* The above are all guaranteed to fit in the fixed-size buffer.
+     However, extra_flag and device have no restrictions,
+     so we must check.  */
+
+  if (extra_flag) {
+    if (strlen (buf) + 1 + strlen (extra_flag) >= sizeof buf) {
+      reply_with_error ("internal buffer overflow: sfdisk extra_flag too long");
+      return -1;
+    }
     sprintf (buf + strlen (buf), " %s", extra_flag);
+  }
 
-  /* Safe because of RESOLVE_DEVICE above: */
+  if (strlen (buf) + 1 + strlen (device) >= sizeof buf) {
+    reply_with_error ("internal buffer overflow: sfdisk device name too long");
+    return -1;
+  }
   sprintf (buf + strlen (buf), " %s", device);
 
   if (verbose)
@@ -59,13 +72,13 @@ sfdisk (const char *device, int n, int cyls, int heads, int sectors,
 
   fp = popen (buf, "w");
   if (fp == NULL) {
-    reply_with_perror (buf);
+    reply_with_perror ("failed to open pipe: %s", buf);
     return -1;
   }
 
   for (i = 0; lines[i] != NULL; ++i) {
     if (fprintf (fp, "%s\n", lines[i]) < 0) {
-      reply_with_perror (buf);
+      reply_with_perror ("failed to write to pipe: %s", buf);
       pclose (fp);
       return -1;
     }
@@ -83,7 +96,7 @@ sfdisk (const char *device, int n, int cyls, int heads, int sectors,
 
 int
 do_sfdisk (const char *device, int cyls, int heads, int sectors,
-           char **lines)
+           char *const *lines)
 {
   return sfdisk (device, 0, cyls, heads, sectors, NULL, lines);
 }
@@ -92,13 +105,13 @@ int
 do_sfdisk_N (const char *device, int n, int cyls, int heads, int sectors,
              const char *line)
 {
-  const char *lines[2] = { line, NULL };
+  char const *const lines[2] = { line, NULL };
 
-  return sfdisk (device, n, cyls, heads, sectors, NULL, lines);
+  return sfdisk (device, n, cyls, heads, sectors, NULL, (void *) lines);
 }
 
 int
-do_sfdiskM (const char *device, char **lines)
+do_sfdiskM (const char *device, char *const *lines)
 {
   return sfdisk (device, 0, 0, 0, 0, "-uM", lines);
 }
@@ -109,9 +122,9 @@ sfdisk_flag (const char *device, const char *flag)
   char *out, *err;
   int r;
 
-  r = command (&out, &err, "/sbin/sfdisk", flag, device, NULL);
+  r = command (&out, &err, "sfdisk", flag, device, NULL);
   if (r == -1) {
-    reply_with_error ("sfdisk: %s: %s", device, err);
+    reply_with_error ("%s: %s", device, err);
     free (out);
     free (err);
     return NULL;