All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 1/1] fs: fat_write: fix short name creation.
@ 2020-05-26 19:06 Heinrich Schuchardt
  2020-05-31 14:08 ` Simon Glass
  2020-07-08  3:03 ` Tom Rini
  0 siblings, 2 replies; 3+ messages in thread
From: Heinrich Schuchardt @ 2020-05-26 19:06 UTC (permalink / raw)
  To: u-boot

Truncate file names if the buffer size is exceeded to avoid a buffer
overflow.

Use Sphinx style function description.

Add a TODO comment.

Reported-by: CID 303779
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 fs/fat/fat_write.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c
index 59cc0bae94..b16a39d3ff 100644
--- a/fs/fat/fat_write.c
+++ b/fs/fat/fat_write.c
@@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void *buf)
 	return ret;
 }

-/*
- * Set short name in directory entry
+/**
+ * set_name() - set short name in directory entry
+ *
+ * @dirent:	directory entry
+ * @filename:	long file name
  */
 static void set_name(dir_entry *dirent, const char *filename)
 {
@@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char *filename)
 	if (len == 0)
 		return;

-	strcpy(s_name, filename);
+	strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1);
+	s_name[VFAT_MAXLEN_BYTES - 1] = '\0';
 	uppercase(s_name, len);

 	period = strchr(s_name, '.');
@@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char *filename)
 		memcpy(dirent->name, s_name, period_location);
 	} else {
 		memcpy(dirent->name, s_name, 6);
+		/*
+		 * TODO: Translating two long names with the same first six
+		 *       characters to the same short name is utterly wrong.
+		 *       Short names must be unique.
+		 */
 		dirent->name[6] = '~';
 		dirent->name[7] = '1';
 	}
--
2.26.2

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH 1/1] fs: fat_write: fix short name creation.
  2020-05-26 19:06 [PATCH 1/1] fs: fat_write: fix short name creation Heinrich Schuchardt
@ 2020-05-31 14:08 ` Simon Glass
  2020-07-08  3:03 ` Tom Rini
  1 sibling, 0 replies; 3+ messages in thread
From: Simon Glass @ 2020-05-31 14:08 UTC (permalink / raw)
  To: u-boot

Hi Heinrich,

On Tue, 26 May 2020 at 13:12, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
>
> Truncate file names if the buffer size is exceeded to avoid a buffer
> overflow.
>
> Use Sphinx style function description.
>
> Add a TODO comment.
>
> Reported-by: CID 303779
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> ---
>  fs/fat/fat_write.c | 15 ++++++++++++---
>  1 file changed, 12 insertions(+), 3 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

See below

>
> diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c
> index 59cc0bae94..b16a39d3ff 100644
> --- a/fs/fat/fat_write.c
> +++ b/fs/fat/fat_write.c
> @@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void *buf)
>         return ret;
>  }
>
> -/*
> - * Set short name in directory entry
> +/**
> + * set_name() - set short name in directory entry
> + *
> + * @dirent:    directory entry
> + * @filename:  long file name
>   */
>  static void set_name(dir_entry *dirent, const char *filename)
>  {
> @@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char *filename)
>         if (len == 0)
>                 return;
>
> -       strcpy(s_name, filename);
> +       strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1);
> +       s_name[VFAT_MAXLEN_BYTES - 1] = '\0';

Could use strlcpy() here

>         uppercase(s_name, len);
>
>         period = strchr(s_name, '.');
> @@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char *filename)
>                 memcpy(dirent->name, s_name, period_location);
>         } else {
>                 memcpy(dirent->name, s_name, 6);
> +               /*
> +                * TODO: Translating two long names with the same first six
> +                *       characters to the same short name is utterly wrong.
> +                *       Short names must be unique.
> +                */
>                 dirent->name[6] = '~';
>                 dirent->name[7] = '1';
>         }
> --
> 2.26.2
>

Regards,
Simon

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH 1/1] fs: fat_write: fix short name creation.
  2020-05-26 19:06 [PATCH 1/1] fs: fat_write: fix short name creation Heinrich Schuchardt
  2020-05-31 14:08 ` Simon Glass
@ 2020-07-08  3:03 ` Tom Rini
  1 sibling, 0 replies; 3+ messages in thread
From: Tom Rini @ 2020-07-08  3:03 UTC (permalink / raw)
  To: u-boot

On Tue, May 26, 2020 at 09:06:50PM +0200, Heinrich Schuchardt wrote:

> Truncate file names if the buffer size is exceeded to avoid a buffer
> overflow.
> 
> Use Sphinx style function description.
> 
> Add a TODO comment.
> 
> Reported-by: CID 303779
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200707/0b0b54e6/attachment.sig>

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-08  3:03 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-26 19:06 [PATCH 1/1] fs: fat_write: fix short name creation Heinrich Schuchardt
2020-05-31 14:08 ` Simon Glass
2020-07-08  3:03 ` Tom Rini

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.