[8/8] mtd-utils: Add checks to code that copies strings into fixed sized buffers
diff mbox series

Message ID 20200128172715.19545-9-david.oberhollenzer@sigma-star.at
State New
Headers show
Series
  • mtd-utils: fixes for various issues reported by static analysis
Related show

Commit Message

David Oberhollenzer Jan. 28, 2020, 5:27 p.m. UTC
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
---
 jffsX-utils/jffs2dump.c | 3 ++-
 ubi-utils/ubirename.c   | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

Patch
diff mbox series

diff --git a/jffsX-utils/jffs2dump.c b/jffsX-utils/jffs2dump.c
index ad7a9e3..d30b59f 100644
--- a/jffsX-utils/jffs2dump.c
+++ b/jffsX-utils/jffs2dump.c
@@ -149,7 +149,8 @@  static void process_options (int argc, char *argv[])
 				break;
 			case 'e':
 				convertendian = 1;
-				strcpy (cnvfile, optarg);
+				strncpy (cnvfile, optarg, sizeof(cnvfile) - 1);
+				cnvfile[sizeof(cnvfile) - 1] = '\0';
 				break;
 			case 'r':
 				recalccrc = 1;
diff --git a/ubi-utils/ubirename.c b/ubi-utils/ubirename.c
index f88ef82..97bf030 100644
--- a/ubi-utils/ubirename.c
+++ b/ubi-utils/ubirename.c
@@ -126,6 +126,13 @@  int main(int argc, char * const argv[])
 
 		rnvol.ents[count].vol_id = err;
 		rnvol.ents[count].name_len = strlen(argv[i + 1]);
+
+		if (rnvol.ents[count].name_len >=
+		    sizeof(rnvol.ents[count].name)) {
+			errmsg("\"%s\" volume name too long", argv[i + 1]);
+			goto out_libubi;
+		}
+
 		strcpy(rnvol.ents[count++].name, argv[i + 1]);
 	}