core: fix the major:minor number comparison between the device and sysfs

Current code will incorrectly conclude that a device "1:1" matches
a sysfs device "1:10" as the length it reads from sysfsp is based on
the devstr length, which in this example is 3.

Always read the whole sysfs attribute and compare the string generated
from actual major:minor numbers against it (minus the trailing newline).

Fixes: d9b1c1f14c6b ("core: harden gpiod_chip_open()")
Reported-by: Kent Gibson <warthog618@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>

diff --git a/lib/core.c b/lib/core.c
index 05e5a46b2a4235720257a5c87a474406f8da655b..7ddb568f8885146931118091cc61c39dd9095363 100644 (file)
--- a/lib/core.c
+++ b/lib/core.c
@@ -120,12 +120,14 @@ static bool is_gpiochip_cdev(const char *path)
                goto out_free_sysfsp;
 
        memset(sysfsdev, 0, sizeof(sysfsdev));
-       rd = read(fd, sysfsdev, strlen(devstr));
+       rd = read(fd, sysfsdev, sizeof(sysfsdev) - 1);
        close(fd);
        if (rd < 0)
                goto out_free_sysfsp;
 
-       if (strcmp(sysfsdev, devstr) != 0) {
+       rd--; /* Ignore trailing newline. */
+       if ((size_t)rd != strlen(devstr) ||
+           strncmp(sysfsdev, devstr, rd) != 0) {
                errno = ENODEV;
                goto out_free_sysfsp;
        }