| To: | xfs@xxxxxxxxxxx |
|---|---|
| Subject: | [PATCH 5/8] xfs_fsr: guard against path string overflows |
| From: | Eric Sandeen <sandeen@xxxxxxxxxx> |
| Date: | Sat, 26 Jan 2013 16:40:29 -0600 |
| Cc: | Eric Sandeen <sandeen@xxxxxxxxxx> |
| Delivered-to: | xfs@xxxxxxxxxxx |
| In-reply-to: | <1359240032-11576-1-git-send-email-sandeen@xxxxxxxxxx> |
| References: | <1359240032-11576-1-git-send-email-sandeen@xxxxxxxxxx> |
gettmpname() and getparent() blindly copy strings
into a target array; be sure we limit the copy to
the size of the target and null terminate it.
I don't see a way to get here with a too-long name,
since most paths try to open or stat the file already,
but it can't hurt to be defensive.
Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
---
fsr/xfs_fsr.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/fsr/xfs_fsr.c b/fsr/xfs_fsr.c
index 2db2224..843f57d 100644
--- a/fsr/xfs_fsr.c
+++ b/fsr/xfs_fsr.c
@@ -1452,7 +1452,8 @@ gettmpname(char *fname)
sprintf(sbuf, "/.fsr%d", getpid());
- strcpy(buf, fname);
+ strncpy(buf, fname, PATH_MAX);
+ buf[PATH_MAX] = '\0';
ptr = strrchr(buf, '/');
if (ptr) {
*ptr = '\0';
@@ -1476,7 +1477,8 @@ getparent(char *fname)
static char buf[PATH_MAX+1];
char *ptr;
- strcpy(buf, fname);
+ strncpy(buf, fname, PATH_MAX);
+ buf[PATH_MAX] = '\0';
ptr = strrchr(buf, '/');
if (ptr) {
if (ptr == &buf[0])
--
1.7.1
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [PATCH 6/8] xfs_fsr: check strdup results properly in initallfs(), Eric Sandeen |
|---|---|
| Next by Date: | [PATCH 8/8] xfs_fsr: remove extraneous close() in fsrallfs(), Eric Sandeen |
| Previous by Thread: | [PATCH 6/8] xfs_fsr: check strdup results properly in initallfs(), Eric Sandeen |
| Next by Thread: | [PATCH 8/8] xfs_fsr: remove extraneous close() in fsrallfs(), Eric Sandeen |
| Indexes: | [Date] [Thread] [Top] [All Lists] |