[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] [PATCH 1/2] Check that directory path is not too long (found by Coverity).



From: "Richard W.M. Jones" <rjones redhat com>

Since we copy dirname + "/" + path to a fixed buffer of size PATH_MAX,
we need to check that the buffer cannot overflow.
---
 helper/appliance.c |   16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/helper/appliance.c b/helper/appliance.c
index c4d0b32..05ad3e5 100644
--- a/helper/appliance.c
+++ b/helper/appliance.c
@@ -168,15 +168,23 @@ iterate_input_directory (const char *dirname, int dirfd, struct writer *writer)
   sort (entries, string_compare);
 
   char path[PATH_MAX];
-  strcpy (path, dirname);
+  char *inputs[] = { path };
   size_t len = strlen (dirname);
+
+  if (len + 1 >= PATH_MAX)
+    error (EXIT_FAILURE, 0, "%s: directory name too long", __func__);
+
+  strcpy (path, dirname);
   path[len++] = '/';
 
-  char *inputs[] = { path };
+  for (size_t i = 0; entries[i] != NULL; ++i) {
+    size_t len2 = strlen (entries[i]);
+
+    if (len + 1 + len2 >= PATH_MAX)
+      error (EXIT_FAILURE, 0, "%s: path name too long", __func__);
 
-  size_t i;
-  for (i = 0; entries[i] != NULL; ++i) {
     strcpy (&path[len], entries[i]);
+
     iterate_inputs (inputs, 1, writer);
   }
 }
-- 
1.7.9.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]