Blob Blame History Raw
From f03f1fc43b30c377a553daf7709e1f0f392a532b Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Wed, 1 Jun 2011 10:57:00 +0200
Subject: [PATCH] vvfat: Fix potential buffer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

path2[PATH_MAX] can be used for the null termination, so make the array big
enough to allow this.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 0d460d6f414e02805cbc348404db03b2b7907360)

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
 block/vvfat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index fe568fe..98b58f0 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -1741,7 +1741,7 @@ static int check_directory_consistency(BDRVVVFATState *s,
 
     long_file_name lfn;
     int path_len = strlen(path);
-    char path2[PATH_MAX];
+    char path2[PATH_MAX + 1];
 
     assert(path_len < PATH_MAX); /* len was tested before! */
     pstrcpy(path2, sizeof(path2), path);
-- 
1.7.11.2