[Libguestfs] [PATCH 1/2] Check that directory path is not too long (found by Coverity).
Richard W.M. Jones
rjones at redhat.com
Wed Feb 29 10:49:44 UTC 2012
From: "Richard W.M. Jones" <rjones at redhat.com>
Since we copy dirname + "/" + path to a fixed buffer of size PATH_MAX,
we need to check that the buffer cannot overflow.
---
helper/appliance.c | 16 ++++++++++++----
1 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/helper/appliance.c b/helper/appliance.c
index c4d0b32..05ad3e5 100644
--- a/helper/appliance.c
+++ b/helper/appliance.c
@@ -168,15 +168,23 @@ iterate_input_directory (const char *dirname, int dirfd, struct writer *writer)
sort (entries, string_compare);
char path[PATH_MAX];
- strcpy (path, dirname);
+ char *inputs[] = { path };
size_t len = strlen (dirname);
+
+ if (len + 1 >= PATH_MAX)
+ error (EXIT_FAILURE, 0, "%s: directory name too long", __func__);
+
+ strcpy (path, dirname);
path[len++] = '/';
- char *inputs[] = { path };
+ for (size_t i = 0; entries[i] != NULL; ++i) {
+ size_t len2 = strlen (entries[i]);
+
+ if (len + 1 + len2 >= PATH_MAX)
+ error (EXIT_FAILURE, 0, "%s: path name too long", __func__);
- size_t i;
- for (i = 0; entries[i] != NULL; ++i) {
strcpy (&path[len], entries[i]);
+
iterate_inputs (inputs, 1, writer);
}
}
--
1.7.9.1
More information about the Libguestfs
mailing list