| Message ID | 20200526190650.22968-1-xypron.glpk@gmx.de |
|---|---|
| State | Accepted |
| Commit | a20f0c820fb024a48f667334777ca4022838693d |
| Headers | show |
| Series | [1/1] fs: fat_write: fix short name creation. | expand |
Hi Heinrich, On Tue, 26 May 2020 at 13:12, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote: > > Truncate file names if the buffer size is exceeded to avoid a buffer > overflow. > > Use Sphinx style function description. > > Add a TODO comment. > > Reported-by: CID 303779 > Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de> > --- > fs/fat/fat_write.c | 15 ++++++++++++--- > 1 file changed, 12 insertions(+), 3 deletions(-) Reviewed-by: Simon Glass <sjg at chromium.org> See below > > diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c > index 59cc0bae94..b16a39d3ff 100644 > --- a/fs/fat/fat_write.c > +++ b/fs/fat/fat_write.c > @@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void *buf) > return ret; > } > > -/* > - * Set short name in directory entry > +/** > + * set_name() - set short name in directory entry > + * > + * @dirent: directory entry > + * @filename: long file name > */ > static void set_name(dir_entry *dirent, const char *filename) > { > @@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char *filename) > if (len == 0) > return; > > - strcpy(s_name, filename); > + strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1); > + s_name[VFAT_MAXLEN_BYTES - 1] = '\0'; Could use strlcpy() here > uppercase(s_name, len); > > period = strchr(s_name, '.'); > @@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char *filename) > memcpy(dirent->name, s_name, period_location); > } else { > memcpy(dirent->name, s_name, 6); > + /* > + * TODO: Translating two long names with the same first six > + * characters to the same short name is utterly wrong. > + * Short names must be unique. > + */ > dirent->name[6] = '~'; > dirent->name[7] = '1'; > } > -- > 2.26.2 > Regards, Simon
diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c index 59cc0bae94..b16a39d3ff 100644 --- a/fs/fat/fat_write.c +++ b/fs/fat/fat_write.c @@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void *buf) return ret; } -/* - * Set short name in directory entry +/** + * set_name() - set short name in directory entry + * + * @dirent: directory entry + * @filename: long file name */ static void set_name(dir_entry *dirent, const char *filename) { @@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char *filename) if (len == 0) return; - strcpy(s_name, filename); + strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1); + s_name[VFAT_MAXLEN_BYTES - 1] = '\0'; uppercase(s_name, len); period = strchr(s_name, '.'); @@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char *filename) memcpy(dirent->name, s_name, period_location); } else { memcpy(dirent->name, s_name, 6); + /* + * TODO: Translating two long names with the same first six + * characters to the same short name is utterly wrong. + * Short names must be unique. + */ dirent->name[6] = '~'; dirent->name[7] = '1'; }
Truncate file names if the buffer size is exceeded to avoid a buffer overflow. Use Sphinx style function description. Add a TODO comment. Reported-by: CID 303779 Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de> --- fs/fat/fat_write.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) -- 2.26.2