From f5c4ad4903d6eca33ba18b7ec5fc339ae429ef27 Mon Sep 17 00:00:00 2001 From: Thomas Schmitt Date: Fri, 13 Nov 2015 15:28:05 +0000 Subject: [PATCH] Prevented possible buffer overflow with -getfacl. Coverity CID 28695. --- xorriso/iso_tree.c | 13 ++++++++++--- xorriso/xorriso_timestamp.h | 2 +- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/xorriso/iso_tree.c b/xorriso/iso_tree.c index cc2a0456..9ec7e7e3 100644 --- a/xorriso/iso_tree.c +++ b/xorriso/iso_tree.c @@ -753,7 +753,8 @@ int Xorriso_getfacl(struct XorrisO *xorriso, void *in_node, char *path, if(pass) { sprintf(*acl_text + strlen(*acl_text), "%s\n", cpt); } else if(!(flag & 1)) { - Sfile_str(xorriso->result_line, cpt, 0); + if(Sfile_str(xorriso->result_line, cpt, 0) <= 0) + goto too_long; strcat(xorriso->result_line, "\n"); Xorriso_result(xorriso, 0); } @@ -775,8 +776,10 @@ int Xorriso_getfacl(struct XorrisO *xorriso, void *in_node, char *path, } else { xorriso->result_line[0]= 0; if(what == 0) - Sfile_str(xorriso->result_line, "default:", 0); - Sfile_str(xorriso->result_line, cpt, 1); + if(Sfile_str(xorriso->result_line, "default:", 0) <= 0) + goto too_long; + if(Sfile_str(xorriso->result_line, cpt, 1) <= 0) + goto too_long; result_len+= strlen(cpt) + 9; } } else @@ -800,6 +803,10 @@ int Xorriso_getfacl(struct XorrisO *xorriso, void *in_node, char *path, ex:; iso_node_get_acl_text(node, &text, &d_text, 1 << 15); return(ret); +too_long: + Xorriso_msgs_submit(xorriso, 0, "Oversized ACL", 0, "FAILURE", 0); + ret= 0; + goto ex; } diff --git a/xorriso/xorriso_timestamp.h b/xorriso/xorriso_timestamp.h index 49898168..d6670bf7 100644 --- a/xorriso/xorriso_timestamp.h +++ b/xorriso/xorriso_timestamp.h @@ -1 +1 @@ -#define Xorriso_timestamP "2015.11.12.160620" +#define Xorriso_timestamP "2015.11.13.152751"