blob: a5ab828ee6371e982b26c61f062412809d9277ef (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
https://sources.debian.org/patches/fuseiso/20070708-3.2/02-prevent-buffer-overflow.patch/
https://bugs.gentoo.org/713328
----
Description: Prevent stack-based buffer overflow on too-long path names
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
--- a/src/isofs.c
+++ b/src/isofs.c
@@ -1532,13 +1532,23 @@
if(path[1] != '\0') { // not root dir
strcat(absolute_entry, "/");
};
- strcat(absolute_entry, entry);
- if(g_hash_table_lookup(lookup_table, absolute_entry)) {
- // already in lookup cache
+
+ if(strlen(absolute_entry) + strlen(entry) <= PATH_MAX-1) {
+ strcat(absolute_entry, entry);
+ if(g_hash_table_lookup(lookup_table, absolute_entry)) {
+ // already in lookup cache
+ isofs_free_inode(inode);
+ } else {
+ g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode);
+ };
+ }
+ else {
+ printf("readdir: absolute path name for entry '%s' exceeding PATH_MAX (%d)\n", entry, PATH_MAX);
isofs_free_inode(inode);
- } else {
- g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode);
- };
+ free(buf);
+ free(entry);
+ return -EIO;
+ }
free(entry);
|
