xfs
[Top] [All Lists]

[PATCH 1/8] libhandle: Guard against string overflow in path_to_fspath()

To: xfs@xxxxxxxxxxx
Subject: [PATCH 1/8] libhandle: Guard against string overflow in path_to_fspath()
From: Eric Sandeen <sandeen@xxxxxxxxxx>
Date: Sat, 26 Jan 2013 16:40:25 -0600
Cc: Eric Sandeen <sandeen@xxxxxxxxxx>
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <1359240032-11576-1-git-send-email-sandeen@xxxxxxxxxx>
References: <1359240032-11576-1-git-send-email-sandeen@xxxxxxxxxx>
path_to_fspath does a blind strcpy into an array of
MAXPATHLEN; we should be sure to limit this so that it
does not go over the size of the array.

I don't think I see a way to get here today with a too-long
path, but I don't think it'll hurt to be defensive.

Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
---
 libhandle/handle.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/libhandle/handle.c b/libhandle/handle.c
index b1ec5f2..9a232fa 100644
--- a/libhandle/handle.c
+++ b/libhandle/handle.c
@@ -158,7 +158,8 @@ path_to_fspath(char *path)
        if (S_ISREG(statbuf.st_mode) || S_ISDIR(statbuf.st_mode))
                return path;
 
-       strcpy(dirpath, path);
+       strncpy(dirpath, path, MAXPATHLEN);
+       dirpath[MAXPATHLEN-1] = '\0';
        return dirname(dirpath);
 }
 
-- 
1.7.1

<Prev in Thread] Current Thread [Next in Thread>