lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date:   Wed,  1 Feb 2023 00:24:10 -0500
From:   "Theodore Ts'o" <tytso@....edu>
To:     Ext4 Developers List <linux-ext4@...r.kernel.org>
Cc:     "Theodore Ts'o" <tytso@....edu>
Subject: [PATCH] e4defrag: avoid potential buffer overflow caused by very long file names

Addresses-Coverity-Bug: 1520603
Signed-off-by: Theodore Ts'o <tytso@....edu>
---
 misc/e4defrag.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/misc/e4defrag.c b/misc/e4defrag.c
index 33bd05d2..99bc2cd7 100644
--- a/misc/e4defrag.c
+++ b/misc/e4defrag.c
@@ -1041,7 +1041,7 @@ static int file_statistic(const char *file, const struct stat64 *buf,
 	__u64	size_per_ext = 0;
 	float	ratio = 0.0;
 	ext4_fsblk_t	blk_count = 0;
-	char	msg_buffer[PATH_MAX + 24];
+	char	msg_buffer[PATH_MAX + 48];
 	struct fiemap_extent_list *physical_list_head = NULL;
 	struct fiemap_extent_list *logical_list_head = NULL;
 
@@ -1210,8 +1210,9 @@ static int file_statistic(const char *file, const struct stat64 *buf,
 
 	if (mode_flag & DETAIL) {
 		/* Print statistic info */
-		sprintf(msg_buffer, "[%u/%u]%s",
-				defraged_file_count, total_count, file);
+		sprintf(msg_buffer, "[%u/%u]%.*s",
+				defraged_file_count, total_count,
+			PATH_MAX, file);
 		if (current_uid == ROOT_UID) {
 			if (strlen(msg_buffer) > 40)
 				printf("\033[79;0H\033[K%s\n"
-- 
2.31.0

Powered by blists - more mailing lists