On Wed, Sep 19, 2012 at 05:43:10PM +0800, Wanlong Gao wrote:
> On 08/21/2012 04:25 PM, Richard W.M. Jones wrote:
> > Another thing: Don't use sprintf, ever. With the wrong $TMPDIR that
> > code above is a security hole. Since you need to quote 'dir' (since
> > it comes from user input) you're going to have to rewrite the whole
> > call to system(3) so that it uses fork + exec instead.
>
> Can you explain more? Sorry, I can't understand where the security
> hole is.

sprintf doesn't check the size of the output buffer. The output buffer
always needs to be sized big enough for all inputs, else you'll have a
buffer overflow. The simple way to avoid this is to use asprintf, which
allocates the output buffer of the correct size for you.

> And if I use fork + exec, how can I put "stempdir" and "dir"
> together into an "argv[]" for the argument of exec?

Have a look at:

https://github.com/libguestfs/libguestfs/blob/f9f0767e20847734db3747c06b4ff11729a62a07/src/launch.c#L527

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org

_______________________________________________
Libguestfs mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/libguestfs
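Added example (not from the thread and not libguestfs code) showing both points Rich makes: the path is built into a buffer sized from the input instead of a fixed char[] filled by sprintf, and the two user-influenced strings "stempdir" and "dir" go into separate argv[] entries run with fork + execvp rather than being pasted into a system(3) command line. The helper names build_tmp_path, build_argv, run_argv and the sample values are assumptions made for the example; asprintf(3) is a GNU extension, so the helper measures with snprintf(NULL, 0, ...) first, which is the portable way to get the same correctly sized allocation.

```c
#define _POSIX_C_SOURCE 200809L   /* fork, execvp, waitpid, _exit */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical helper: join tmpdir and name into a freshly allocated string.
 * snprintf(NULL, 0, ...) measures the output first, so the buffer fits any
 * $TMPDIR length; a fixed char path[N] filled with sprintf would overflow as
 * soon as the input is longer than N.  asprintf(3) does this in one call on
 * glibc.  Caller frees the result. */
char *build_tmp_path(const char *tmpdir, const char *name)
{
    int n = snprintf(NULL, 0, "%s/%s", tmpdir, name);
    if (n < 0)
        return NULL;
    char *path = malloc((size_t)n + 1);
    if (!path)
        return NULL;
    snprintf(path, (size_t)n + 1, "%s/%s", tmpdir, name);
    return path;
}

/* Portable strdup replacement (strdup is POSIX, not C99). */
static char *dup_str(const char *s)
{
    size_t len = strlen(s) + 1;
    char *copy = malloc(len);
    if (copy)
        memcpy(copy, s, len);
    return copy;
}

/* Number of argv entries before the NULL terminator. */
int argv_len(char *const argv[])
{
    int n = 0;
    while (argv[n])
        n++;
    return n;
}

void free_argv(char **argv)
{
    if (!argv)
        return;
    for (int i = 0; argv[i]; i++)
        free(argv[i]);
    free(argv);
}

/* Hypothetical helper: build a NULL-terminated argv for running prog with
 * stempdir and dir as two separate arguments.  No shell ever parses this
 * array, so ';', '$', '`', quotes or spaces inside dir stay within a single
 * argv element instead of being interpreted, which is exactly what a
 * system(3) command line assembled with sprintf cannot guarantee. */
char **build_argv(const char *prog, const char *stempdir, const char *dir)
{
    char **argv = calloc(4, sizeof *argv);
    if (!argv)
        return NULL;
    argv[0] = dup_str(prog);
    argv[1] = dup_str(stempdir);
    argv[2] = dup_str(dir);
    argv[3] = NULL;
    if (!argv[0] || !argv[1] || !argv[2]) {
        free(argv[0]); free(argv[1]); free(argv[2]); free(argv);
        return NULL;
    }
    return argv;
}

/* Replacement for system(3): fork, execvp the argv directly (no "sh -c"),
 * and return the child's exit status; 127 if exec itself failed, -1 on
 * fork/waitpid failure or an abnormal (signalled) exit. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);   /* only reached when exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample input: a user-supplied directory name carrying shell
     * metacharacters, and a long $TMPDIR value. */
    const char *dir = "work; echo injected";
    char *stempdir = build_tmp_path("/tmp/a/rather/long/TMPDIR/value", "libguestfs");
    char **argv = stempdir ? build_argv("/bin/echo", stempdir, dir) : NULL;
    if (!argv)
        return 1;
    /* echo prints both arguments verbatim; the "echo injected" part never runs. */
    int rc = run_argv(argv);
    printf("child exit status: %d, argv entries: %d\n", rc, argv_len(argv));
    free_argv(argv);
    free(stempdir);
    return rc == 0 ? 0 : 1;
}
```

The check a reviewer would make on code like this: every string that came from the user or the environment must land in its own argv slot, and the command must be run through exec, not through anything that hands the string to /bin/sh. If a shell is genuinely needed, pass the value in the environment or as a positional parameter, not by concatenation.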
