[PATCH rtems-tools v2] rtems-bin2c.c: Check length of buffer to be copied
Chris Johns
chrisj at rtems.org
Tue Sep 28 22:39:46 UTC 2021
Looks good. Thanks.
On 29/9/21 1:18 am, Ryan Long wrote:
> CID 1063892: Copy into fixed size buffer in process().
>
> Closes #4424
> ---
> misc/bin2c/rtems-bin2c.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/misc/bin2c/rtems-bin2c.c b/misc/bin2c/rtems-bin2c.c
> index 8e32d25..ace1dae 100644
> --- a/misc/bin2c/rtems-bin2c.c
> +++ b/misc/bin2c/rtems-bin2c.c
> @@ -141,6 +141,19 @@ void process(const char *ifname, const char *ofname, const char *forced_name)
> char *ifbasename;
> ifbasename = basename(ifbasename_to_free);
>
> + /* Ensure length of ifbasename is shorter than length of buf */
> + if (strlen(ifbasename) > PATH_MAX+1) {
> + fprintf(
> + stderr,
> + "error: Base name of %s is too long\.n",
> + ifbasename
> + );
> + fclose(ifile);
> + if ( createC ) { fclose(ocfile); }
> + if ( createH ) { fclose(ohfile); }
> + exit(1);
> + }
> +
> strcpy(buf, ifbasename);
> sanitize_file_name(buf);
>
>
More information about the devel
mailing list