[PATCH rtems-tools] rtems-bin2c.c: Check length of buffer to be copied

Mon, 27 Sep 2021 14:28:50 -0700 

 CID 1063892: Copy into fixed size buffer in process().

Closes #4424
---
 misc/bin2c/rtems-bin2c.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/misc/bin2c/rtems-bin2c.c b/misc/bin2c/rtems-bin2c.c
index 8e32d25..1668063 100644
--- a/misc/bin2c/rtems-bin2c.c
+++ b/misc/bin2c/rtems-bin2c.c
@@ -141,6 +141,15 @@ void process(const char *ifname, const char *ofname, const 
char *forced_name)
   char *ifbasename;
   ifbasename = basename(ifbasename_to_free);
 
+  /* Ensure length of ifbasename is shorter than length of buf */
+  if (strlen(ifbasename) > PATH_MAX+1) {
+    fprintf(stderr, "not enough room to copy");
+    fclose(ifile);
+    if ( createC ) { fclose(ocfile); }
+    if ( createH ) { fclose(ohfile); }
+    exit(1);
+  }
+
   strcpy(buf, ifbasename);
   sanitize_file_name(buf);
 
-- 
1.8.3.1

_______________________________________________
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel

Reply via email to