From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Date: Tue, 3 Sep 2019 10:00:25 +0000 (+0200)
Subject: core: fix the major:minor number comparison between the device and sysfs
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=4d823fef34f44f1c7a6464db85305ed3068493ba;p=qemu-gpiodev%2Flibgpiod.git

core: fix the major:minor number comparison between the device and sysfs

Current code will incorrectly conclude that a device "1:1" matches
a sysfs device "1:10" as the length it reads from sysfsp is based on
the devstr length, which in this example is 3.

Always read the whole sysfs attribute and compare the string generated
from actual major:minor numbers against it (minus the trailing newline).

Fixes: d9b1c1f14c6b ("core: harden gpiod_chip_open()")
Reported-by: Kent Gibson <warthog618@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
---

diff --git a/lib/core.c b/lib/core.c
index 05e5a46..7ddb568 100644
--- a/lib/core.c
+++ b/lib/core.c
@@ -120,12 +120,14 @@ static bool is_gpiochip_cdev(const char *path)
 		goto out_free_sysfsp;
 
 	memset(sysfsdev, 0, sizeof(sysfsdev));
-	rd = read(fd, sysfsdev, strlen(devstr));
+	rd = read(fd, sysfsdev, sizeof(sysfsdev) - 1);
 	close(fd);
 	if (rd < 0)
 		goto out_free_sysfsp;
 
-	if (strcmp(sysfsdev, devstr) != 0) {
+	rd--; /* Ignore trailing newline. */
+	if ((size_t)rd != strlen(devstr) ||
+	    strncmp(sysfsdev, devstr, rd) != 0) {
 		errno = ENODEV;
 		goto out_free_sysfsp;
 	}