[Yaffs] patch: mkyaffsimage - buffer overflow fix

Top Page
Attachments:
Message as email
+ (text/plain)
+ yaffs_userland_08_mkyaffsimage_buf_overflow.patch (text/plain)
Delete this message
Reply to this message
Author: Frank Rowand
Date:  
To: yaffs
Subject: [Yaffs] patch: mkyaffsimage - buffer overflow fix
The attached patch prevents a buffer overflow which occurs when a
path becomes too long.

(And with this patch, I'll end my tiny flood of the email list...)

-Frank
--
Frank Rowand <>
MontaVista Software, Inc
Index: yaffs/utils/mkyaffsimage.c
===================================================================
--- yaffs.orig/utils/mkyaffsimage.c
+++ yaffs/utils/mkyaffsimage.c
@@ -385,7 +385,9 @@

 static int process_directory(int parent, const char *path)
 {
+#define FULL_NAME_LEN 500
     int error = 0;
+    int len;
     DIR *dir;
     struct dirent *entry;


@@ -402,12 +404,20 @@
             if(strcmp(entry->d_name,".") &&
                strcmp(entry->d_name,".."))
              {
-                 char full_name[500];
+                 char full_name[FULL_NAME_LEN];
                 struct stat stats;
                 int equivalentObj;
                 int newObj;

                
-                sprintf(full_name,"%s/%s",path,entry->d_name);
+                len = snprintf(full_name,FULL_NAME_LEN,"%s/%s",path,entry->d_name);
+                if (len > FULL_NAME_LEN)
+                {
+                    printf("%s/%s\n",path,entry->d_name);
+                    printf("ERROR: length of path >= %d\n", FULL_NAME_LEN);
+                    error = -1;
+                    errno = ENAMETOOLONG;
+                    continue;
+                }

                
                 lstat(full_name,&stats);