Re: [PATCH 1/1] fs: fat_write: fix short name creation.
On Tue, May 26, 2020 at 09:06:50PM +0200, Heinrich Schuchardt wrote: > Truncate file names if the buffer size is exceeded to avoid a buffer > overflow. > > Use Sphinx style function description. > > Add a TODO comment. > > Reported-by: CID 303779 > Signed-off-by: Heinrich Schuchardt > Reviewed-by: Simon Glass Applied to u-boot/master, thanks! -- Tom signature.asc Description: PGP signature
Re: [PATCH 1/1] fs: fat_write: fix short name creation.
Hi Heinrich,
On Tue, 26 May 2020 at 13:12, Heinrich Schuchardt wrote:
>
> Truncate file names if the buffer size is exceeded to avoid a buffer
> overflow.
>
> Use Sphinx style function description.
>
> Add a TODO comment.
>
> Reported-by: CID 303779
> Signed-off-by: Heinrich Schuchardt
> ---
> fs/fat/fat_write.c | 15 ---
> 1 file changed, 12 insertions(+), 3 deletions(-)
Reviewed-by: Simon Glass
See below
>
> diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c
> index 59cc0bae94..b16a39d3ff 100644
> --- a/fs/fat/fat_write.c
> +++ b/fs/fat/fat_write.c
> @@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void
> *buf)
> return ret;
> }
>
> -/*
> - * Set short name in directory entry
> +/**
> + * set_name() - set short name in directory entry
> + *
> + * @dirent:directory entry
> + * @filename: long file name
> */
> static void set_name(dir_entry *dirent, const char *filename)
> {
> @@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char
> *filename)
> if (len == 0)
> return;
>
> - strcpy(s_name, filename);
> + strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1);
> + s_name[VFAT_MAXLEN_BYTES - 1] = '\0';
Could use strlcpy() here
> uppercase(s_name, len);
>
> period = strchr(s_name, '.');
> @@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char
> *filename)
> memcpy(dirent->name, s_name, period_location);
> } else {
> memcpy(dirent->name, s_name, 6);
> + /*
> +* TODO: Translating two long names with the same first six
> +* characters to the same short name is utterly wrong.
> +* Short names must be unique.
> +*/
> dirent->name[6] = '~';
> dirent->name[7] = '1';
> }
> --
> 2.26.2
>
Regards,
Simon
[PATCH 1/1] fs: fat_write: fix short name creation.
Truncate file names if the buffer size is exceeded to avoid a buffer
overflow.
Use Sphinx style function description.
Add a TODO comment.
Reported-by: CID 303779
Signed-off-by: Heinrich Schuchardt
---
fs/fat/fat_write.c | 15 ---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c
index 59cc0bae94..b16a39d3ff 100644
--- a/fs/fat/fat_write.c
+++ b/fs/fat/fat_write.c
@@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void
*buf)
return ret;
}
-/*
- * Set short name in directory entry
+/**
+ * set_name() - set short name in directory entry
+ *
+ * @dirent:directory entry
+ * @filename: long file name
*/
static void set_name(dir_entry *dirent, const char *filename)
{
@@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char *filename)
if (len == 0)
return;
- strcpy(s_name, filename);
+ strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1);
+ s_name[VFAT_MAXLEN_BYTES - 1] = '\0';
uppercase(s_name, len);
period = strchr(s_name, '.');
@@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char *filename)
memcpy(dirent->name, s_name, period_location);
} else {
memcpy(dirent->name, s_name, 6);
+ /*
+* TODO: Translating two long names with the same first six
+* characters to the same short name is utterly wrong.
+* Short names must be unique.
+*/
dirent->name[6] = '~';
dirent->name[7] = '1';
}
--
2.26.2
