From d0583c403952630c534b0605ff7d69af5ec473cc Mon Sep 17 00:00:00 2001 From: Aurelien Jarno Date: Fri, 16 May 2014 00:03:37 +0200 Subject: ptsname_r: don't leak uninitialized memory (BZ #16917) If the fd refers to a terminal device, but not a pty master, the TIOCGPTN ioctl returns with ENOTTY. This error is not caught, and the possibly undefined buffer passed to ptsname_r is sent directly to the stat64 syscall. Fix this by using a fallback to the old method only if the TIOCGPTN ioctl fails with EINVAL. This also fix the return value in that specific case (it return ENOENT without this patch). Also add tests to the ptsname_r function (and ptsname at the same time). Note: this is Debian bug#741482, reported by Jakub Wilk --- sysdeps/unix/sysv/linux/ptsname.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'sysdeps') diff --git a/sysdeps/unix/sysv/linux/ptsname.c b/sysdeps/unix/sysv/linux/ptsname.c index ed39f8f520..3fc14a73b2 100644 --- a/sysdeps/unix/sysv/linux/ptsname.c +++ b/sysdeps/unix/sysv/linux/ptsname.c @@ -105,7 +105,9 @@ __ptsname_internal (int fd, char *buf, size_t buflen, struct stat64 *stp) memcpy (__stpcpy (buf, devpts), p, &numbuf[sizeof (numbuf)] - p); } - else if (errno == EINVAL) + else if (errno != EINVAL) + return errno; + else #endif { char *p; -- cgit v1.2.3