From patchwork Fri Mar 1 18:37:39 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Elie De Brauwer X-Patchwork-Id: 224429 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:4978:20e::2]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 038602C0301 for ; Sat, 2 Mar 2013 05:39:43 +1100 (EST) Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1UBUqW-0002H1-DC; Fri, 01 Mar 2013 18:38:16 +0000 Received: from mail-ee0-f46.google.com ([74.125.83.46]) by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1UBUqL-0002EB-S2 for linux-mtd@lists.infradead.org; Fri, 01 Mar 2013 18:38:06 +0000 Received: by mail-ee0-f46.google.com with SMTP id e49so2669067eek.33 for ; Fri, 01 Mar 2013 10:38:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:from:to:cc:subject:date:message-id:x-mailer:in-reply-to :references; bh=iMu7EZl/8gdMV+8oLH158zDLSTKEx6Em2qFR9ahz03M=; b=a6l0pZDEui4OL4piKYnCIBNPk01J7MGr1u2Dzj2784xgoGpQ0AK9dF7qKmIV8uGw/c HSNValnVSWe80gAzVrptCdFMXm/u97S+GmvOKyHXVApIYjcSrjPhVKLehm0s9zy2Xn24 4LpQz/i76+I1CW6ZGEj+GVTaKeSBIk2IG4Q18bj6lCOj7MSq1bkBjSvf+0OR4KjbBBj0 fIuVN2a33l9pd9hLl8hjamPho4RAky1DUKJ1u9B+QT61sfR1BfTKV/hyw+DvAcdKJlvm U8KXPchSMqjC7SV4Hv318Key/FL9cw6yeX9vBBtew86JL2bbm6XzY4QdhWrlwskQr16m ybtw== X-Received: by 10.14.219.129 with SMTP id m1mr30395992eep.16.1362163083872; Fri, 01 Mar 2013 10:38:03 -0800 (PST) Received: from lapelidb.telenet.be (dD576B56A.access.telenet.be. [213.118.181.106]) by mx.google.com with ESMTPS id f47sm18434443eep.13.2013.03.01.10.38.02 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 01 Mar 2013 10:38:03 -0800 (PST) From: Elie De Brauwer To: linux-mtd@lists.infradead.org Subject: [PATCH 3/4] integck.c: Fix buffer overflow in save_file, avoid possible failure to write buffers when the filename length is equal to max_name_len Date: Fri, 1 Mar 2013 19:37:39 +0100 Message-Id: <1362163060-5629-4-git-send-email-eliedebrauwer@gmail.com> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1362163060-5629-1-git-send-email-eliedebrauwer@gmail.com> References: <1362163060-5629-1-git-send-email-eliedebrauwer@gmail.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20130301_133806_032366_A826AF8F X-CRM114-Status: GOOD ( 10.29 ) X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (eliedebrauwer[at]gmail.com) -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [74.125.83.46 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Cc: eliedebrauwer@gmail.com X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Signed-off-by: Elie De Brauwer --- tests/fs-tests/integrity/integck.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/tests/fs-tests/integrity/integck.c b/tests/fs-tests/integrity/integck.c index 5ea3642..ee37a0d 100644 --- a/tests/fs-tests/integrity/integck.c +++ b/tests/fs-tests/integrity/integck.c @@ -32,11 +32,11 @@ #include #include #include +#include #include #include #include #include -#include #define PROGRAM_VERSION "1.1" #define PROGRAM_NAME "integck" @@ -1433,12 +1433,17 @@ static void save_file(int fd, struct file_info *file) int w_fd; struct write_info *w; char buf[IO_BUFFER_SIZE]; - char name[256]; + char name[FILENAME_MAX]; + const char * read_suffix = ".integ.sav.read"; + const char * write_suffix = ".integ.sav.written"; + size_t fname_len = strlen(get_file_name(file)); /* Open file to save contents to */ strcpy(name, "/tmp/"); - strcat(name, get_file_name(file)); - strcat(name, ".integ.sav.read"); + if (fname_len + strlen(read_suffix) > fsinfo.max_name_len) + fname_len = fsinfo.max_name_len - strlen(read_suffix); + strncat(name, get_file_name(file), fname_len); + strcat(name, read_suffix); normsg("Saving %sn", name); w_fd = open(name, O_CREAT | O_WRONLY, 0777); CHECK(w_fd != -1); @@ -1457,8 +1462,10 @@ static void save_file(int fd, struct file_info *file) /* Open file to save contents to */ strcpy(name, "/tmp/"); - strcat(name, get_file_name(file)); - strcat(name, ".integ.sav.written"); + if (fname_len + strlen(write_suffix) > fsinfo.max_name_len) + fname_len = fsinfo.max_name_len - strlen(write_suffix); + strncat(name, get_file_name(file), fname_len); + strcat(name, write_suffix); normsg("Saving %s", name); w_fd = open(name, O_CREAT | O_WRONLY, 0777); CHECK(w_fd != -1);