sanchayanmaity/minix
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

VFS: check path components for NAME_MAX length

Browse source
This commit is contained in:
Thomas Veerman 2012-07-26 15:22:16 +00:00
parent 48237f1730
commit f6b0d662b5
1 changed files with 15 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
servers/vfs/path.c
View file

@ -211,7 +211,11 @@ struct fproc *rfp;
/* Just an entry in the current working directory. Prepend /* Just an entry in the current working directory. Prepend
* "./" in front of the path and resolve it. * "./" in front of the path and resolve it.
*/ */
strlcpy(dir_entry, resolve->l_path, NAME_MAX+1); if (strlcpy(dir_entry, resolve->l_path, NAME_MAX+1) >= NAME_MAX + 1) {
err_code = ENAMETOOLONG;
res_vp = NULL;
break;
}
dir_entry[NAME_MAX] = '\0'; dir_entry[NAME_MAX] = '\0';
resolve->l_path[0] = '.'; resolve->l_path[0] = '.';
resolve->l_path[1] = '\0'; resolve->l_path[1] = '\0';
@ -220,7 +224,11 @@ struct fproc *rfp;
strlcpy(dir_entry, ".", NAME_MAX+1); strlcpy(dir_entry, ".", NAME_MAX+1);
} else { } else {
/* A path name for the directory and a directory entry */ /* A path name for the directory and a directory entry */
strlcpy(dir_entry, cp+1, NAME_MAX+1); if (strlcpy(dir_entry, cp+1, NAME_MAX+1) >= NAME_MAX + 1) {
err_code = ENAMETOOLONG;
res_vp = NULL;
break;
}
cp[1] = '\0'; cp[1] = '\0';
dir_entry[NAME_MAX] = '\0'; dir_entry[NAME_MAX] = '\0';
} }
@ -579,8 +587,10 @@ char ename[NAME_MAX + 1];
return(EINVAL); /* Rubbish in dir entry */ return(EINVAL); /* Rubbish in dir entry */
if (entry->v_inode_nr == cur->d_ino) { if (entry->v_inode_nr == cur->d_ino) {
/* found the entry we were looking for */ /* found the entry we were looking for */
strlcpy(ename, cur->d_name, int copylen = MIN(name_len + 1, NAME_MAX + 1);
MIN(name_len + 1, NAME_MAX + 1)); if (strlcpy(ename, cur->d_name, copylen) >= copylen) {
return(ENAMETOOLONG);
}
ename[NAME_MAX] = '\0'; ename[NAME_MAX] = '\0';
return(OK); return(OK);
} }
@ -762,9 +772,7 @@ size_t pathlen;
canon_path[pathlen] = '\0'; canon_path[pathlen] = '\0';
/* Turn path into canonical path to the socket file */ /* Turn path into canonical path to the socket file */
if ((r = canonical_path(canon_path, rfp)) != OK) if ((r = canonical_path(canon_path, rfp)) != OK) return(r);
return(r);
if (strlen(canon_path) >= pathlen) return(ENAMETOOLONG); if (strlen(canon_path) >= pathlen) return(ENAMETOOLONG);
/* copy canon_path back to PFS */ /* copy canon_path back to PFS */