Here is a patch for the function CheckMounts that fixes a problem with Linux
supermount filesystem mounts. The function tried to access memory
that had previously been allocated for mnt_type and mnt_dev, but there was
not enough space in it to hold mnt_opts. This caused a buffer overflow while
reading the following line from /etc/fstab:
/mnt/cdrom /mnt/cdrom supermount fs=iso9660,dev=/dev/cdrom 0 0
— SDL-1.2.3/src/cdrom/linux/SDL_syscdrom.c Thu Aug 9 08:34:17 2001
+++ SDL-1.2.3-patched/src/cdrom/linux/SDL_syscdrom.c Tue Nov 20 03:18:27 2001
@@ -203,18 +203,24 @@
if ( strcmp(mnt_type, MNTTYPE_SUPER) == 0 ) {
tmp = strstr(mntent->mnt_opts, “fs=”);
if ( tmp ) {
-
strcpy(mnt_type, tmp+strlen("fs="));
-
tmp = strchr(mnt_type, ',');
-
if ( tmp ) {
-
*tmp = '\0';
-
free(mnt_type);
-
mnt_type = strdup(tmp + strlen("fs="));
-
if ( mnt_type ) {
-
tmp = strchr(mnt_type, ',');
-
if ( tmp ) {
-
*tmp = '\0';
-
} } } tmp = strstr(mntent->mnt_opts, "dev="); if ( tmp ) {
-
strcpy(mnt_dev, tmp+strlen("dev="));
-
tmp = strchr(mnt_dev, ',');
-
if ( tmp ) {
-
*tmp = '\0';
-
free(mnt_dev);
-
mnt_dev = strdup(tmp + strlen("dev="));
-
if ( mnt_dev ) {
-
tmp = strchr(mnt_dev, ',');
-
if ( tmp ) {
-
*tmp = '\0';
-
} } } }
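Review bot: When `strdup` fails in the `fs=` or `dev=` branch, `mnt_type` or `mnt_dev` is left NULL after the old buffer has already been freed, and the new code only skips the comma trimming in that case. The code after the hunk is not visible here, but if it hands these pointers to `strcmp` unchecked, as the `strcmp(mnt_type, MNTTYPE_SUPER)` at the top of the hunk does, a low-memory condition turns into a NULL dereference. I would duplicate first and swap only on success, `char *dup = strdup(tmp + strlen("fs=")); if ( dup ) { free(mnt_type); mnt_type = dup; }`, and do the same for `mnt_dev`. CheckMounts starts and ends outside the hunk.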