|
 |
8c1a2e |
From 05c639c8a0f61da73ca8f1f725f8f5394d8bf15f Mon Sep 17 00:00:00 2001
|
|
|
8c1a2e |
From: Jakub Martisko <jamartis@redhat.com>
|
|
|
8c1a2e |
Date: Thu, 2 Aug 2018 09:34:18 +0200
|
|
|
8c1a2e |
Subject: [PATCH] fix: file name buffer overflow in isoinfo
|
|
|
8c1a2e |
|
|
|
8c1a2e |
---
|
|
|
8c1a2e |
genisoimage/diag/isoinfo.c | 10 ++++++++++
|
|
|
8c1a2e |
1 file changed, 10 insertions(+)
|
|
|
8c1a2e |
|
|
|
8c1a2e |
diff --git a/genisoimage/diag/isoinfo.c b/genisoimage/diag/isoinfo.c
|
|
|
8c1a2e |
index 3cc2678..a08141d 100644
|
|
|
8c1a2e |
--- a/genisoimage/diag/isoinfo.c
|
|
|
8c1a2e |
+++ b/genisoimage/diag/isoinfo.c
|
|
|
8c1a2e |
@@ -763,6 +763,11 @@ parse_dir(char *rootname, int extent, int len)
|
|
|
8c1a2e |
strcat(td->name, name_buf);
|
|
|
8c1a2e |
strcat(td->name, "/");
|
|
|
8c1a2e |
} else {
|
|
|
8c1a2e |
+ if ( (PATH_MAX - strlen(rootname)) < strlen(name_buf))
|
|
|
8c1a2e |
+ {
|
|
|
8c1a2e |
+ fprintf(stderr, "Name too long: %s%s\n", rootname, name_buf);
|
|
|
8c1a2e |
+ exit(1);
|
|
|
8c1a2e |
+ }
|
|
|
8c1a2e |
strcpy(testname, rootname);
|
|
|
8c1a2e |
strcat(testname, name_buf);
|
|
|
8c1a2e |
if (xtract && strcmp(xtract, testname) == 0) {
|
|
|
8c1a2e |
@@ -772,6 +777,11 @@ parse_dir(char *rootname, int extent, int len)
|
|
|
8c1a2e |
if (do_find &&
|
|
|
8c1a2e |
(idr->name_len[0] != 1 ||
|
|
|
8c1a2e |
(idr->name[0] != 0 && idr->name[0] != 1))) {
|
|
|
8c1a2e |
+ if ( (PATH_MAX - strlen(rootname)) < strlen(name_buf))
|
|
|
8c1a2e |
+ {
|
|
|
8c1a2e |
+ fprintf(stderr, "Name too long: %s%s\n", rootname, name_buf);
|
|
|
8c1a2e |
+ exit(1);
|
|
|
8c1a2e |
+ }
|
|
|
8c1a2e |
strcpy(testname, rootname);
|
|
|
8c1a2e |
strcat(testname, name_buf);
|
|
|
8c1a2e |
printf("%s\n", testname);
|
|
|
8c1a2e |
--
|
|
|
8c1a2e |
2.14.4
|
|
|
8c1a2e |
|