From: AJ Bagwell <anthony.bagw...@hivehome.com>
Fix write issues where sprintf writes across both name and ext fields
and drops the final null ternimator outside the struct
Signed-off-by: AJ Bagwell <anthony.bagw...@hivehome.com>
---
.../fixing-out-of-bound-writes.patch | 54 +++++++++++++++++++
.../dosfstools/dosfstools_2.11.bb | 1 +
2 files changed, 55 insertions(+)
create mode 100644
recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch
diff --git
a/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch
b/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch
new file mode 100644
index 0000000..f80f5ab
--- /dev/null
+++ b/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch
@@ -0,0 +1,54 @@
+Fix out of bound write issues where sprintf writes across both
+name and ext fields and drops the final null ternimator outside the struct
+
+Upstream-Status: Inappropriate [licensing]
+We're tracking an old release of dosfstools due to licensing issues.
+
+diff --git a/dosfsck/check.c b/dosfsck/check.c
+index e8c13bb..91177d3 100644
+--- a/dosfsck/check.c
++++ b/dosfsck/check.c
+@@ -58,6 +58,13 @@ static DOS_FILE *root;
+ } \
+ } while(0)
+
++static void de_printf(DIR_ENT *de, const char *pattern, int curr_num)
++{
++ char buffer[12];
++ sprintf(buffer, pattern, curr_num);
++ memcpy(de->name, buffer, 8);
++ memcpy(de->ext, buffer + 8, 3);
++}
+
+ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const char *pattern)
+ {
+@@ -110,7 +117,8 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const
char *pattern)
+ }
+ memset(de,0,sizeof(DIR_ENT));
+ while (1) {
+- sprintf(de->name,pattern,curr_num);
++ de_printf(de, pattern, curr_num);
++
+ clu_num = fs->root_cluster;
+ i = 0;
+ offset2 = cluster_start(fs,clu_num);
+@@ -150,7 +158,7 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const
char *pattern)
+ offset = fs->root_start+next_free*sizeof(DIR_ENT);
+ memset(de,0,sizeof(DIR_ENT));
+ while (1) {
+- sprintf(de->name,pattern,curr_num);
++ de_printf(de, pattern, curr_num);
+ for (scan = 0; scan < fs->root_entries; scan++)
+ if (scan != next_free &&
+ !strncmp(root[scan].name,de->name,MSDOS_NAME))
+@@ -311,8 +319,8 @@ static void auto_rename(DOS_FILE *file)
+ first = file->parent ? file->parent->first : root;
+ number = 0;
+ while (1) {
+- sprintf(file->dir_ent.name,"FSCK%04d",number);
+- strncpy(file->dir_ent.ext,"REN",3);
++ de_printf(&file->dir_ent, "FSCK%04dREN", number);
++
+ for (walk = first; walk; walk = walk->next)
+ if (walk != file && !strncmp(walk->dir_ent.name,file->dir_ent.
+ name,MSDOS_NAME)) break;
diff --git a/recipes-devtools/dosfstools/dosfstools_2.11.bb
b/recipes-devtools/dosfstools/dosfstools_2.11.bb
index dd543b1..37c2181 100644
--- a/recipes-devtools/dosfstools/dosfstools_2.11.bb
+++ b/recipes-devtools/dosfstools/dosfstools_2.11.bb
@@ -19,6 +19,7 @@ SRC_URI =
"http://pkgs.fedoraproject.org/repo/pkgs/${BPN}/${BP}.src.tar.gz/407d4
file://nofat32_autoselect.patch \
file://fix_populated_dosfs_creation.patch \
file://0001-Include-fcntl.h-for-getting-loff_t-definition.patch \
+ file://fixing-out-of-bound-writes.patch \
"
SRC_URI[md5sum] = "407d405ade410f7597d364ab5dc8c9f6"
--
2.17.1
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
