This is an automated email from the ASF dual-hosted git repository. acassis pushed a commit to branch pr54 in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git
commit 88af07173ff5de2d3e9fa330b2eb1d9fd4b4d292
Author: Alin Jerpelea <[email protected]>
AuthorDate: Tue Dec 12 15:32:51 2017 +0900
fs: smartfs: Fix buffer overrun
---
 fs/smartfs/smartfs_utils.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/fs/smartfs/smartfs_utils.c b/fs/smartfs/smartfs_utils.c
index 971cf15..fcb3118 100644
--- a/fs/smartfs/smartfs_utils.c
+++ b/fs/smartfs/smartfs_utils.c
@@ -57,6 +57,12 @@
 #include "smartfs.h"
 /****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define WORKBUFFER_SIZE 256
+
+/****************************************************************************
 * Private Data
 ****************************************************************************/
@@ -269,7 +275,7 @@ int smartfs_mount(struct smartfs_mountpt_s *fs, bool writeable)
 if (nextfs == NULL)
 {
 fs->fs_rwbuffer = (char *) kmm_malloc(fs->fs_llformat.availbytes);
- fs->fs_workbuffer = (char *) kmm_malloc(256);
+ fs->fs_workbuffer = (char *) kmm_malloc(WORKBUFFER_SIZE);
 }
 /* Now add ourselves to the linked list of SMART mounts */
@@ -293,7 +299,7 @@ int smartfs_mount(struct smartfs_mountpt_s *fs, bool writeable)
 #endif
 fs->fs_rwbuffer = (char *) kmm_malloc(fs->fs_llformat.availbytes);
- fs->fs_workbuffer = (char *) kmm_malloc(256);
+ fs->fs_workbuffer = (char *) kmm_malloc(WORKBUFFER_SIZE);
 fs->fs_rootsector = SMARTFS_ROOT_DIR_SECTOR;
 #endif /* CONFIG_SMARTFS_MULTI_ROOT_DIRS */
@@ -528,6 +534,14 @@ int smartfs_finddirentry(struct smartfs_mountpt_s *fs,
 ptr++;
 }
+ /* Check to avoid buffer overflow */
+
+ if (seglen >= WORKBUFFER_SIZE)
+ {
+ ret = -ENAMETOOLONG;
+ goto errout;
+ }
+
+ strncpy(fs->fs_workbuffer, segment, seglen);
 fs->fs_workbuffer[seglen] = '\0';
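Review bot: `WORKBUFFER_SIZE` is defined privately in smartfs_utils.c, while the buffer it sizes hangs off `struct smartfs_mountpt_s`, so any other file that writes to `fs->fs_workbuffer` cannot see the bound (whether such writers exist is not visible from this diff). Consider moving the definition into the header that declares the structure (presumably smartfs.h) and documenting the unit: `/* Size in bytes of fs_workbuffer, including the terminating NUL */`.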
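Review bot: Neither `kmm_malloc()` result is checked in the lines shown here, and the same pattern repeats at the second allocation site in the next smartfs_mount hunk, so a failed allocation would leave `fs->fs_workbuffer` NULL for the `strncpy` in smartfs_finddirentry, where the new length check does not help. Unless a check exists further down (the function continues outside both hunks), fail the mount instead: test `if (fs->fs_rwbuffer == NULL || fs->fs_workbuffer == NULL)`, free whichever buffer was obtained, and return `-ENOMEM`. The `(char *)` casts are also unnecessary in C.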
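Review bot: The added guard `if (seglen >= WORKBUFFER_SIZE)` depends on `seglen` holding the true segment length, and both its declaration and the loop that counts it lie above this hunk (only `ptr++;` is visible). If `seglen` is a narrow integer type, a sufficiently long path segment could wrap the counter so the comparison passes with a small value; that would not overflow the buffer, but the lookup would proceed on a truncated name instead of returning `-ENAMETOOLONG`. Confirm the type, or stop the scan as soon as the count reaches `WORKBUFFER_SIZE`. The comment would be more useful if it stated the invariant, e.g. `/* seglen bytes plus the terminating NUL must fit in fs_workbuffer */`. smartfs_finddirentry starts and ends outside the hunk.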
