| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230201052410.440207-1-tytso@mit.edu>
Date: Wed, 1 Feb 2023 00:24:10 -0500
From: "Theodore Ts'o" <tytso@....edu>
To: Ext4 Developers List <linux-ext4@...r.kernel.org>
Cc: "Theodore Ts'o" <tytso@....edu>
Subject: [PATCH] e4defrag: avoid potential buffer overflow caused by very long file names
Addresses-Coverity-Bug: 1520603
Signed-off-by: Theodore Ts'o <tytso@....edu>
---
misc/e4defrag.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/misc/e4defrag.c b/misc/e4defrag.c
index 33bd05d2..99bc2cd7 100644
--- a/misc/e4defrag.c
+++ b/misc/e4defrag.c
@@ -1041,7 +1041,7 @@ static int file_statistic(const char *file, const struct stat64 *buf,
__u64 size_per_ext = 0;
float ratio = 0.0;
ext4_fsblk_t blk_count = 0;
- char msg_buffer[PATH_MAX + 24];
+ char msg_buffer[PATH_MAX + 48];
struct fiemap_extent_list *physical_list_head = NULL;
struct fiemap_extent_list *logical_list_head = NULL;
@@ -1210,8 +1210,9 @@ static int file_statistic(const char *file, const struct stat64 *buf,
if (mode_flag & DETAIL) {
/* Print statistic info */
- sprintf(msg_buffer, "[%u/%u]%s",
- defraged_file_count, total_count, file);
+ sprintf(msg_buffer, "[%u/%u]%.*s",
+ defraged_file_count, total_count,
+ PATH_MAX, file);
if (current_uid == ROOT_UID) {
if (strlen(msg_buffer) > 40)
printf("\033[79;0H\033[K%s\n"
--
2.31.0
Powered by blists - more mailing lists