[PATCH rtems-tools v2] rtems-bin2c.c: Check length of buffer to be copied

Chris Johns chrisj at rtems.org
Tue Sep 28 22:39:46 UTC 2021


Looks good. Thanks.

On 29/9/21 1:18 am, Ryan Long wrote:
>  CID 1063892: Copy into fixed size buffer in process().
> 
> Closes #4424
> ---
>  misc/bin2c/rtems-bin2c.c | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/misc/bin2c/rtems-bin2c.c b/misc/bin2c/rtems-bin2c.c
> index 8e32d25..ace1dae 100644
> --- a/misc/bin2c/rtems-bin2c.c
> +++ b/misc/bin2c/rtems-bin2c.c
> @@ -141,6 +141,19 @@ void process(const char *ifname, const char *ofname, const char *forced_name)
>    char *ifbasename;
>    ifbasename = basename(ifbasename_to_free);
>  
> +  /* Ensure length of ifbasename is shorter than length of buf */
> +  if (strlen(ifbasename) > PATH_MAX+1) {
> +    fprintf(
> +      stderr,
> +      "error: Base name of %s is too long\.n",
> +      ifbasename
> +    );
> +    fclose(ifile);
> +    if ( createC ) { fclose(ocfile); }
> +    if ( createH ) { fclose(ohfile); }
> +    exit(1);
> +  }
> +
>    strcpy(buf, ifbasename);
>    sanitize_file_name(buf);
>  
> 
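Review bot: the bound in the new check, `strlen(ifbasename) > PATH_MAX+1`, does not match its own comment and is not tied to the actual size of `buf`. The following `strcpy(buf, ifbasename)` writes `strlen(ifbasename) + 1` bytes including the terminator, so a base name of exactly `PATH_MAX+1` characters passes this test and still needs `PATH_MAX+2` bytes of destination. If `buf` is an array in scope here, comparing against it directly, for example `if (strlen(ifbasename) >= sizeof(buf))`, makes the check match the comment and keeps it correct if the buffer size ever changes. Separately, the format string in the `fprintf` call ends in `\.n`, which is not a valid escape sequence; it should read `too long.\n`.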

