Prevented possible buffer overflow with -getfacl. Coverity CID 28695.

2015-11-13 15:28:05 +00:00 · 2015-11-13 15:28:05 +00:00 · 1103a7127e
commit 1103a7127e
parent eccb641c82
2 changed files with 11 additions and 4 deletions
--- a/libisoburn/trunk/xorriso/iso_tree.c
+++ b/libisoburn/trunk/xorriso/iso_tree.c
@ -753,7 +753,8 @@ int Xorriso_getfacl(struct XorrisO *xorriso, void *in_node, char *path,
       if(pass) {
         sprintf(*acl_text + strlen(*acl_text), "%s\n", cpt);
       } else if(!(flag & 1)) {
-         Sfile_str(xorriso->result_line, cpt, 0);
+         if(Sfile_str(xorriso->result_line, cpt, 0) <= 0)
+           goto too_long;
         strcat(xorriso->result_line, "\n");
         Xorriso_result(xorriso, 0);
       }
@ -775,8 +776,10 @@ int Xorriso_getfacl(struct XorrisO *xorriso, void *in_node, char *path,
         } else {
           xorriso->result_line[0]= 0;
           if(what == 0)
-             Sfile_str(xorriso->result_line, "default:", 0);
-           Sfile_str(xorriso->result_line, cpt, 1);
+             if(Sfile_str(xorriso->result_line, "default:", 0) <= 0)
+               goto too_long;
+           if(Sfile_str(xorriso->result_line, cpt, 1) <= 0)
+             goto too_long;
           result_len+= strlen(cpt) + 9;
         }
       } else
@ -800,6 +803,10 @@ int Xorriso_getfacl(struct XorrisO *xorriso, void *in_node, char *path,
 ex:;
 iso_node_get_acl_text(node, &text, &d_text, 1 << 15);
 return(ret);
+too_long:
+ Xorriso_msgs_submit(xorriso, 0, "Oversized ACL", 0, "FAILURE", 0);
+ ret= 0;
+ goto ex;
 }


--- a/libisoburn/trunk/xorriso/xorriso_timestamp.h
+++ b/libisoburn/trunk/xorriso/xorriso_timestamp.h
@ -1 +1 @@
-#define Xorriso_timestamP "2015.11.12.160620"
+#define Xorriso_timestamP "2015.11.13.152751"