[PATCH rtems-tools] rtems-bin2c.c: Check length of buffer to be copied
Chris Johns
chrisj at rtems.org
Tue Sep 28 00:40:39 UTC 2021
On 28/9/21 7:28 am, Ryan Long wrote:
> CID 1063892: Copy into fixed size buffer in process().
>
> Closes #4424
> ---
> misc/bin2c/rtems-bin2c.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/misc/bin2c/rtems-bin2c.c b/misc/bin2c/rtems-bin2c.c
> index 8e32d25..1668063 100644
> --- a/misc/bin2c/rtems-bin2c.c
> +++ b/misc/bin2c/rtems-bin2c.c
> @@ -141,6 +141,15 @@ void process(const char *ifname, const char *ofname, const char *forced_name)
> char *ifbasename;
> ifbasename = basename(ifbasename_to_free);
>
> + /* Ensure length of ifbasename is shorter than length of buf */
> + if (strlen(ifbasename) > PATH_MAX+1) {
> + fprintf(stderr, "not enough room to copy");
Can this please be `error: not enough room to copy` and then copy what?
Thanks
Chris
> + fclose(ifile);
> + if ( createC ) { fclose(ocfile); }
> + if ( createH ) { fclose(ohfile); }
> + exit(1);
> + }
> +
> strcpy(buf, ifbasename);
> sanitize_file_name(buf);
>
>
More information about the devel
mailing list