Fixed buffer overflows when handling files names of exactly 256 UTF-16 characters...

author resver@gmail.com <resver@gmail.com@60bc1c72-a15a-11de-b98f-4500b42dc123>

Sat, 3 Aug 2013 08:36:54 +0000 (08:36 +0000)

committer resver@gmail.com <resver@gmail.com@60bc1c72-a15a-11de-b98f-4500b42dc123>

Sat, 3 Aug 2013 08:36:54 +0000 (08:36 +0000)
author resver@gmail.com <resver@gmail.com@60bc1c72-a15a-11de-b98f-4500b42dc123>
Sat, 3 Aug 2013 08:36:54 +0000 (08:36 +0000)
committer resver@gmail.com <resver@gmail.com@60bc1c72-a15a-11de-b98f-4500b42dc123>
Sat, 3 Aug 2013 08:36:54 +0000 (08:36 +0000)
diff --git a/libexfat/node.c b/libexfat/node.c

index 58ec3db..a154682 100644 (file)
--- a/libexfat/node.c
+++ b/libexfat/node.c
@@ -276,7 +276,10 @@ static int readdir(struct exfat* ef, const struct exfat_node* parent,
                         file_name = (const struct exfat_entry_name*) entry;
                         actual_checksum = exfat_add_checksum(entry, actual_checksum);
  
-                       memcpy(namep, file_name->name, EXFAT_ENAME_MAX * sizeof(le16_t));
+                       memcpy(namep, file_name->name,
+                                       MIN(EXFAT_ENAME_MAX,
+                                               ((*node)->name + EXFAT_NAME_MAX - namep)) *
+                                       sizeof(le16_t));
                         namep += EXFAT_ENAME_MAX;
                         if (--continuations == 0)
                         {
@@ -767,7 +770,8 @@ static int write_entry(struct exfat* ef, struct exfat_node* dir,
         {
                 struct exfat_entry_name name_entry = {EXFAT_ENTRY_FILE_NAME, 0};
                 memcpy(name_entry.name, node->name + i * EXFAT_ENAME_MAX,
-                               EXFAT_ENAME_MAX * sizeof(le16_t));
+                               MIN(EXFAT_ENAME_MAX, EXFAT_NAME_MAX - i * EXFAT_ENAME_MAX) *
+                               sizeof(le16_t));
                 next_entry(ef, dir, &cluster, &offset);
                 exfat_pwrite(ef->dev, &name_entry, sizeof(name_entry),
                                 co2o(ef, cluster, offset));
diff --git a/libexfat/utils.c b/libexfat/utils.c

index 3fd718a..8b6aaf9 100644 (file)
--- a/libexfat/utils.c
+++ b/libexfat/utils.c
@@ -85,7 +85,8 @@ le16_t exfat_calc_checksum(const struct exfat_entry_meta1* meta1,
         {
                 struct exfat_entry_name name_entry = {EXFAT_ENTRY_FILE_NAME, 0};
                 memcpy(name_entry.name, name + i * EXFAT_ENAME_MAX,
-                               EXFAT_ENAME_MAX * sizeof(le16_t));
+                               MIN(EXFAT_ENAME_MAX, EXFAT_NAME_MAX - i * EXFAT_ENAME_MAX) *
+                               sizeof(le16_t));
                 checksum = exfat_add_checksum(&name_entry, checksum);
         }
         return cpu_to_le16(checksum);
author	resver@gmail.com <resver@gmail.com@60bc1c72-a15a-11de-b98f-4500b42dc123>
	Sat, 3 Aug 2013 08:36:54 +0000 (08:36 +0000)
committer	resver@gmail.com <resver@gmail.com@60bc1c72-a15a-11de-b98f-4500b42dc123>
	Sat, 3 Aug 2013 08:36:54 +0000 (08:36 +0000)
libexfat/node.c		patch \| blob \| history
libexfat/utils.c		patch \| blob \| history