android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Copy one extra byte from userspace filename (#958)

Browse Source 
Otherwise we will rewrite paths for filenames that begins with
`/system/bin/su`.

This fix copies one extra byte from userspace filename so that when we
encounter filenames like `/system/bin/suasf`,
`/system/bin/su\0` gets compared with `/system/bin/sua`, which correctly
prevents the `su -> sh` path rewriting.

Close #957
This commit is contained in:
Levi Zim
2023-09-16 12:23:04 +08:00
committed by GitHub
parent 08745664a6
commit cbb98a1de9
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
kernel/sucompat.c
View File

@@ -48,7 +48,7 @@ int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
return 0; return 0;
} }
char path[sizeof(su)]; char path[sizeof(su) + 1];
memset(path, 0, sizeof(path)); memset(path, 0, sizeof(path));
ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path)); ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
@@ -73,7 +73,7 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
return 0; return 0;
} }
char path[sizeof(su)]; char path[sizeof(su) + 1];
memset(path, 0, sizeof(path)); memset(path, 0, sizeof(path));
ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path)); ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));