thr3ads.net - Libguestfs - [Libguestfs] [PATCH 1/2] Check that directory path is not too long (found by Coverity). [Feb 2012]

If this information is useful, please help other people find it:
Share via:

Richard W.M. Jones

2012-Feb-29 10:49 UTC

[Libguestfs] [PATCH 1/2] Check that directory path is not too long (found by Coverity).

From: "Richard W.M. Jones" <rjones at redhat.com>

Since we copy dirname + "/" + path to a fixed buffer of size PATH_MAX,
we need to check that the buffer cannot overflow.
---
 helper/appliance.c |   16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/helper/appliance.c b/helper/appliance.c
index c4d0b32..05ad3e5 100644
--- a/helper/appliance.c
+++ b/helper/appliance.c
@@ -168,15 +168,23 @@ iterate_input_directory (const char *dirname, int dirfd,
struct writer *writer)
   sort (entries, string_compare);
 
   char path[PATH_MAX];
-  strcpy (path, dirname);
+  char *inputs[] = { path };
   size_t len = strlen (dirname);
+
+  if (len + 1 >= PATH_MAX)
+    error (EXIT_FAILURE, 0, "%s: directory name too long", __func__);
+
+  strcpy (path, dirname);
   path[len++] = '/';
 
-  char *inputs[] = { path };
+  for (size_t i = 0; entries[i] != NULL; ++i) {
+    size_t len2 = strlen (entries[i]);
+
+    if (len + 1 + len2 >= PATH_MAX)
+      error (EXIT_FAILURE, 0, "%s: path name too long", __func__);
 
-  size_t i;
-  for (i = 0; entries[i] != NULL; ++i) {
     strcpy (&path[len], entries[i]);
+
     iterate_inputs (inputs, 1, writer);
   }
 }
-- 
1.7.9.1

Richard W.M. Jones

2012-Feb-29 10:49 UTC

head link

[Libguestfs] [PATCH 2/2] NUL-terminate buffer before printing (found by Coverity).

From: "Richard W.M. Jones" <rjones at redhat.com>

---
 helper/ext2cpio.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/helper/ext2cpio.c b/helper/ext2cpio.c
index 82cc3b4..9e434c3 100644
--- a/helper/ext2cpio.c
+++ b/helper/ext2cpio.c
@@ -98,8 +98,12 @@ parse_next_entry (void)
     error (EXIT_FAILURE, errno, "read failure reading cpio file");
   curr += sizeof header - 4;
 
-  if (verbose >= 2)
-    fprintf (stderr, "cpio header %s\n", header);
+  if (verbose >= 2) {
+    char header2[sizeof header + 1];
+    memcpy (header2, header, sizeof header);
+    header2[sizeof header] = '\0';
+    fprintf (stderr, "cpio header %s\n", header2);
+  }
 
   if (memcmp (header, "070707", 6) == 0)
     error (EXIT_FAILURE, 0, "incorrect cpio method: use -H newc
option");
-- 
1.7.9.1

Possibly Parallel Threads

Search for more possibly parallel threads

Libguestfs - Feb 2012 - [PATCH 1/2] Check that directory path is not too long (found by Coverity).

[Libguestfs] [PATCH 1/2] Check that directory path is not too long (found by Coverity).

[Libguestfs] [PATCH 2/2] NUL-terminate buffer before printing (found by Coverity).

Possibly Parallel Threads