From 4d823fef34f44f1c7a6464db85305ed3068493ba Mon Sep 17 00:00:00 2001
From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Date: Tue, 3 Sep 2019 12:00:25 +0200
Subject: [PATCH] core: fix the major:minor number comparison between the
 device and sysfs

Current code will incorrectly conclude that a device "1:1" matches
a sysfs device "1:10" as the length it reads from sysfsp is based on
the devstr length, which in this example is 3.

Always read the whole sysfs attribute and compare the string generated
from actual major:minor numbers against it (minus the trailing newline).

Fixes: d9b1c1f14c6b ("core: harden gpiod_chip_open()")
Reported-by: Kent Gibson <warthog618@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
---
 lib/core.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/core.c b/lib/core.c
index 05e5a46..7ddb568 100644
--- a/lib/core.c
+++ b/lib/core.c
@@ -120,12 +120,14 @@ static bool is_gpiochip_cdev(const char *path)
 		goto out_free_sysfsp;
 
 	memset(sysfsdev, 0, sizeof(sysfsdev));
-	rd = read(fd, sysfsdev, strlen(devstr));
+	rd = read(fd, sysfsdev, sizeof(sysfsdev) - 1);
 	close(fd);
 	if (rd < 0)
 		goto out_free_sysfsp;
 
-	if (strcmp(sysfsdev, devstr) != 0) {
+	rd--; /* Ignore trailing newline. */
+	if ((size_t)rd != strlen(devstr) ||
+	    strncmp(sysfsdev, devstr, rd) != 0) {
 		errno = ENODEV;
 		goto out_free_sysfsp;
 	}
-- 
2.30.2