Re: [PATCH 1/1] fs: fat_write: fix short name creation.
On Tue, May 26, 2020 at 09:06:50PM +0200, Heinrich Schuchardt wrote: > Truncate file names if the buffer size is exceeded to avoid a buffer > overflow. > > Use Sphinx style function description. > > Add a TODO comment. > > Reported-by: CID 303779 > Signed-off-by: Heinrich Schuchardt > Reviewed-by: Simon Glass Applied to u-boot/master, thanks! -- Tom signature.asc Description: PGP signature
Re: [PATCH 1/1] fs: fat_write: fix short name creation.
Hi Heinrich, On Tue, 26 May 2020 at 13:12, Heinrich Schuchardt wrote: > > Truncate file names if the buffer size is exceeded to avoid a buffer > overflow. > > Use Sphinx style function description. > > Add a TODO comment. > > Reported-by: CID 303779 > Signed-off-by: Heinrich Schuchardt > --- > fs/fat/fat_write.c | 15 --- > 1 file changed, 12 insertions(+), 3 deletions(-) Reviewed-by: Simon Glass See below > > diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c > index 59cc0bae94..b16a39d3ff 100644 > --- a/fs/fat/fat_write.c > +++ b/fs/fat/fat_write.c > @@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void > *buf) > return ret; > } > > -/* > - * Set short name in directory entry > +/** > + * set_name() - set short name in directory entry > + * > + * @dirent:directory entry > + * @filename: long file name > */ > static void set_name(dir_entry *dirent, const char *filename) > { > @@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char > *filename) > if (len == 0) > return; > > - strcpy(s_name, filename); > + strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1); > + s_name[VFAT_MAXLEN_BYTES - 1] = '\0'; Could use strlcpy() here > uppercase(s_name, len); > > period = strchr(s_name, '.'); > @@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char > *filename) > memcpy(dirent->name, s_name, period_location); > } else { > memcpy(dirent->name, s_name, 6); > + /* > +* TODO: Translating two long names with the same first six > +* characters to the same short name is utterly wrong. > +* Short names must be unique. > +*/ > dirent->name[6] = '~'; > dirent->name[7] = '1'; > } > -- > 2.26.2 > Regards, Simon
[PATCH 1/1] fs: fat_write: fix short name creation.
Truncate file names if the buffer size is exceeded to avoid a buffer overflow. Use Sphinx style function description. Add a TODO comment. Reported-by: CID 303779 Signed-off-by: Heinrich Schuchardt --- fs/fat/fat_write.c | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c index 59cc0bae94..b16a39d3ff 100644 --- a/fs/fat/fat_write.c +++ b/fs/fat/fat_write.c @@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void *buf) return ret; } -/* - * Set short name in directory entry +/** + * set_name() - set short name in directory entry + * + * @dirent:directory entry + * @filename: long file name */ static void set_name(dir_entry *dirent, const char *filename) { @@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char *filename) if (len == 0) return; - strcpy(s_name, filename); + strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1); + s_name[VFAT_MAXLEN_BYTES - 1] = '\0'; uppercase(s_name, len); period = strchr(s_name, '.'); @@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char *filename) memcpy(dirent->name, s_name, period_location); } else { memcpy(dirent->name, s_name, 6); + /* +* TODO: Translating two long names with the same first six +* characters to the same short name is utterly wrong. +* Short names must be unique. +*/ dirent->name[6] = '~'; dirent->name[7] = '1'; } -- 2.26.2