Protected output -find -exec list_extattr from potential overflow. Coverity CID 28780.

This commit is contained in:
Thomas Schmitt 2015-11-12 12:34:01 +00:00
parent 12956c5d5d
commit 17ba65b8b6
2 changed files with 14 additions and 2 deletions

View File

@ -894,11 +894,12 @@ int Xorriso_append_extattr_comp(struct XorrisO *xorriso,
char *comp, size_t comp_len, char *comp, size_t comp_len,
char *mode, int flag) char *mode, int flag)
{ {
int ret; int ret, line_limit;
char *line, *wpt, *bsl = NULL; char *line, *wpt, *bsl = NULL;
unsigned char *upt, *uval; unsigned char *upt, *uval;
line= xorriso->result_line; line= xorriso->result_line;
line_limit= sizeof(xorriso->result_line);
uval= (unsigned char *) comp; uval= (unsigned char *) comp;
if(*mode == 'q') { if(*mode == 'q') {
@ -913,6 +914,8 @@ int Xorriso_append_extattr_comp(struct XorrisO *xorriso,
strcat(line, "\"$(echo -e '"); strcat(line, "\"$(echo -e '");
wpt= line + strlen(line); wpt= line + strlen(line);
for(upt= uval; (size_t) (upt - uval) < comp_len; upt++) { for(upt= uval; (size_t) (upt - uval) < comp_len; upt++) {
if(wpt - line + 5 + 3 + 1 > line_limit) /* "\\0xyz" + "')\"" + 0 */
goto too_much;
if(*upt <= 037 || *upt >= 0177 || *upt == '\\' || *upt == '\'') { if(*upt <= 037 || *upt >= 0177 || *upt == '\\' || *upt == '\'') {
if(flag & 1) if(flag & 1)
*(wpt++)= '\\'; *(wpt++)= '\\';
@ -932,10 +935,14 @@ int Xorriso_append_extattr_comp(struct XorrisO *xorriso,
ret= Sfile_bsl_encoder(&bsl, comp, comp_len, 8); ret= Sfile_bsl_encoder(&bsl, comp, comp_len, 8);
if(ret <= 0) if(ret <= 0)
{ret= -1; goto ex;} {ret= -1; goto ex;}
if(strlen(line) + strlen(bsl) + 1 > line_limit)
goto too_much;
strcat(line, bsl); strcat(line, bsl);
free(bsl); free(bsl);
bsl= NULL; bsl= NULL;
} else if(*mode == 'r') { } else if(*mode == 'r') {
if(strlen(line) + strlen(comp) + 1 > line_limit)
goto too_much;
strcat(line, comp); strcat(line, comp);
} }
ret= 1; ret= 1;
@ -943,6 +950,11 @@ ex:;
if(bsl != NULL) if(bsl != NULL)
free(bsl); free(bsl);
return(ret); return(ret);
too_much:;
Xorriso_msgs_submit(xorriso, 0, "Oversized BSD-style file attribute",
0, "FAILURE", 0);
ret= -1;
goto ex;
} }

View File

@ -1 +1 @@
#define Xorriso_timestamP "2015.11.11.192609" #define Xorriso_timestamP "2015.11.12.123345"