| Message ID | 20200409172333.12170-1-toertel@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | core: Fix CID 292110 cpio_utils extract_sw_description() | expand |
On 09/04/20 19:23, Mark Jonas wrote: > Success of opening output file is not checked. This leads to the > potential use of an invalid file descriptor. > > Signed-off-by: Mark Jonas <toertel@gmail.com> > --- > core/cpio_utils.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/core/cpio_utils.c b/core/cpio_utils.c > index cf428aa..cc96f7f 100644 > --- a/core/cpio_utils.c > +++ b/core/cpio_utils.c > @@ -690,6 +690,9 @@ int extract_sw_description(int fd, const char *descfile, off_t *offs) > strlcpy(output_file, TMPDIR, sizeof(output_file)); > strcat(output_file, fdh.filename); > fdout = openfileoutput(output_file); > + if (fdout < 0) { > + return -1; > + } > > if (lseek(fd, offset, SEEK_SET) < 0) { > ERROR("CPIO file corrupted : %s", strerror(errno)); > Acked-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
diff --git a/core/cpio_utils.c b/core/cpio_utils.c index cf428aa..cc96f7f 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -690,6 +690,9 @@ int extract_sw_description(int fd, const char *descfile, off_t *offs) strlcpy(output_file, TMPDIR, sizeof(output_file)); strcat(output_file, fdh.filename); fdout = openfileoutput(output_file); + if (fdout < 0) { + return -1; + } if (lseek(fd, offset, SEEK_SET) < 0) { ERROR("CPIO file corrupted : %s", strerror(errno));
Success of opening output file is not checked. This leads to the potential use of an invalid file descriptor. Signed-off-by: Mark Jonas <toertel@gmail.com> --- core/cpio_utils.c | 3 +++ 1 file changed, 3 insertions(+)