Protected output -find -exec list_extattr from potential overflow. Coverity CID 28780.
parent
12956c5d5d
commit
17ba65b8b6
@ -894,11 +894,12 @@ int Xorriso_append_extattr_comp(struct XorrisO *xorriso,
|
|||||||
char *comp, size_t comp_len,
|
char *comp, size_t comp_len,
|
||||||
char *mode, int flag)
|
char *mode, int flag)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret, line_limit;
|
||||||
char *line, *wpt, *bsl = NULL;
|
char *line, *wpt, *bsl = NULL;
|
||||||
unsigned char *upt, *uval;
|
unsigned char *upt, *uval;
|
||||||
|
|
||||||
line= xorriso->result_line;
|
line= xorriso->result_line;
|
||||||
|
line_limit= sizeof(xorriso->result_line);
|
||||||
uval= (unsigned char *) comp;
|
uval= (unsigned char *) comp;
|
||||||
|
|
||||||
if(*mode == 'q') {
|
if(*mode == 'q') {
|
||||||
@ -913,6 +914,8 @@ int Xorriso_append_extattr_comp(struct XorrisO *xorriso,
|
|||||||
strcat(line, "\"$(echo -e '");
|
strcat(line, "\"$(echo -e '");
|
||||||
wpt= line + strlen(line);
|
wpt= line + strlen(line);
|
||||||
for(upt= uval; (size_t) (upt - uval) < comp_len; upt++) {
|
for(upt= uval; (size_t) (upt - uval) < comp_len; upt++) {
|
||||||
|
if(wpt - line + 5 + 3 + 1 > line_limit) /* "\\0xyz" + "')\"" + 0 */
|
||||||
|
goto too_much;
|
||||||
if(*upt <= 037 || *upt >= 0177 || *upt == '\\' || *upt == '\'') {
|
if(*upt <= 037 || *upt >= 0177 || *upt == '\\' || *upt == '\'') {
|
||||||
if(flag & 1)
|
if(flag & 1)
|
||||||
*(wpt++)= '\\';
|
*(wpt++)= '\\';
|
||||||
@ -932,10 +935,14 @@ int Xorriso_append_extattr_comp(struct XorrisO *xorriso,
|
|||||||
ret= Sfile_bsl_encoder(&bsl, comp, comp_len, 8);
|
ret= Sfile_bsl_encoder(&bsl, comp, comp_len, 8);
|
||||||
if(ret <= 0)
|
if(ret <= 0)
|
||||||
{ret= -1; goto ex;}
|
{ret= -1; goto ex;}
|
||||||
|
if(strlen(line) + strlen(bsl) + 1 > line_limit)
|
||||||
|
goto too_much;
|
||||||
strcat(line, bsl);
|
strcat(line, bsl);
|
||||||
free(bsl);
|
free(bsl);
|
||||||
bsl= NULL;
|
bsl= NULL;
|
||||||
} else if(*mode == 'r') {
|
} else if(*mode == 'r') {
|
||||||
|
if(strlen(line) + strlen(comp) + 1 > line_limit)
|
||||||
|
goto too_much;
|
||||||
strcat(line, comp);
|
strcat(line, comp);
|
||||||
}
|
}
|
||||||
ret= 1;
|
ret= 1;
|
||||||
@ -943,6 +950,11 @@ ex:;
|
|||||||
if(bsl != NULL)
|
if(bsl != NULL)
|
||||||
free(bsl);
|
free(bsl);
|
||||||
return(ret);
|
return(ret);
|
||||||
|
too_much:;
|
||||||
|
Xorriso_msgs_submit(xorriso, 0, "Oversized BSD-style file attribute",
|
||||||
|
0, "FAILURE", 0);
|
||||||
|
ret= -1;
|
||||||
|
goto ex;
|
||||||
}
|
}
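Review bot: The `strcat(line, "\"$(echo -e '");` just before the escape loop is still unbounded, because the first new `line_limit` test runs only inside the loop, after that prefix has already been appended to `result_line`. A guard ahead of it, such as `if(strlen(line) + sizeof("\"$(echo -e '") > (size_t) line_limit) goto too_much;`, would close that gap; declaring `line_limit` as `size_t` would also avoid the signed/unsigned comparisons in the two `strlen()` checks. In the loop, the visible `if(flag & 1) *(wpt++)= '\\';` writes one byte more than the five-byte escape named in the comment, so the `5 + 3 + 1` reserve looks one byte short in that case unless the lines outside the hunk compensate; reserving 6 there would be the safe choice. The rest of the loop body and the code between the hunks are not shown, so both points should be confirmed against the full function.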
|
||||||
|
|
||||||
|
|
||||||
|
@ -1 +1 @@
|
|||||||
#define Xorriso_timestamP "2015.11.11.192609"
|
#define Xorriso_timestamP "2015.11.12.123345"
|
||||||
|