From: Eric Sandeen <sandeen@redhat.com>
To: djwong@us.ibm.com
Cc: "Theodore Ts'o" <tytso@mit.edu>, linux-ext4 <linux-ext4@vger.kernel.org>
Subject: Re: [PATCH] debugfs: Fix sprintf stack overflow
Date: Tue, 11 Oct 2011 21:38:56 -0500
Message-ID: <4E94FDC0.1070409@redhat.com>
In-Reply-To: <20111012010221.GN12447@tux1.beaverton.ibm.com>

On 10/11/11 8:02 PM, Darrick J. Wong wrote:
> The htree dump code overflows a char buffer if the directory has a long
> filename because the buffer is not large enough to hold the characters that are
> not part of the filename. Make the buffer larger and use snprintf instead.
>
> Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>

lessee ...

"%u 0x%08x-%08x (%d) %s "

%u      10
" "     1
0x      2
%08x    8
-       1
%08x    8
" ("    2
%d      5
"( "    2
%s      EXT2_NAME_LEN
" "     3
        -------
        EXT2_NAME_LEN+42

64 should be plenty :)

Reviewed-by: Eric Sandeen <sandeen@redhat.com>

> ---
>
> debugfs/htree.c | 6 +++---
> 1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/debugfs/htree.c b/debugfs/htree.c
> index 06e7737..05745eb 100644
> --- a/debugfs/htree.c
> +++ b/debugfs/htree.c
> @@ -39,7 +39,7 @@ static void htree_dump_leaf_node(ext2_filsys fs, ext2_ino_t ino,
> int thislen, col = 0;
> unsigned int offset = 0;
> char name[EXT2_NAME_LEN + 1];
> - char tmp[EXT2_NAME_LEN + 16];
> + char tmp[EXT2_NAME_LEN + 64];
> blk64_t pblk;
> ext2_dirhash_t hash, minor_hash;
> unsigned int rec_len;
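
Review bot: the bare 64 in `char tmp[EXT2_NAME_LEN + 64];` has no comment saying what it has to cover. A one-line comment tying it to the non-filename part of the format string that is written into tmp (inode number, two 8-digit hashes, rec_len, punctuation, terminating NUL), or a named constant, would keep the size from being chosen by guesswork again the next time that format changes.
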
> @@ -91,8 +91,8 @@ static void htree_dump_leaf_node(ext2_filsys fs, ext2_ino_t ino,
> if (errcode)
> com_err("htree_dump_leaf_node", errcode,
> "while calculating hash");
> - sprintf(tmp, "%u 0x%08x-%08x (%d) %s ", dirent->inode,
> - hash, minor_hash, rec_len, name);
> + snprintf(tmp, EXT2_NAME_LEN + 64, "%u 0x%08x-%08x (%d) %s ",
> + dirent->inode, hash, minor_hash, rec_len, name);
> thislen = strlen(tmp);
> if (col + thislen > 80) {
> fprintf(pager, "\n");
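
Review bot: the size argument in `snprintf(tmp, EXT2_NAME_LEN + 64, ...` repeats the array bound by hand, so the call and the declaration of tmp can drift apart if one is edited without the other. Suggest `snprintf(tmp, sizeof(tmp), ...`, since tmp is a local array. The return value is also dropped, so a truncated entry would be printed silently after `thislen = strlen(tmp);`; comparing it against sizeof(tmp) would make that case visible.
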
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
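
The buffer-size arithmetic in the review above can also be checked mechanically. The following is an added example, not code from this thread or from the debugfs source: it formats a constructed worst-case entry with the format string as it appears in the patch and reports truncation instead of overrunning the buffer. The helper names, EXT2_NAME_LEN = 255 and 65536 as the largest rec_len are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 255 is EXT2_NAME_LEN in the ext2 headers; defined here so
 * the example builds stand-alone. */
#define EXT2_NAME_LEN 255
/* Format string as it appears in the patch on this page. */
#define ENTRY_FMT "%u 0x%08x-%08x (%d) %s "

/* Hypothetical helper: format one entry into buf. Returns the length
 * written, or -1 if the output did not fit (buf then holds a truncated,
 * NUL-terminated string instead of being overrun). */
static int format_entry(char *buf, size_t size, unsigned int inode,
                        unsigned int hash, unsigned int minor_hash,
                        unsigned int rec_len, const char *name)
{
    int n = snprintf(buf, size, ENTRY_FMT, inode, hash, minor_hash,
                     (int)rec_len, name);

    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

/* Format a constructed worst-case entry (widest numbers, longest name)
 * into a buffer of `size` bytes; size must not exceed sizeof(buf).
 * 65536 is an assumed maximum rec_len, matching the five digits the
 * review budgets for %d. */
static int worst_case_into(size_t size)
{
    char buf[512];
    char name[EXT2_NAME_LEN + 1];

    if (size > sizeof(buf))
        return -1;
    memset(name, 'a', EXT2_NAME_LEN);
    name[EXT2_NAME_LEN] = '\0';
    return format_entry(buf, size, 4294967295u, 0xffffffffu, 0xffffffffu,
                        65536u, name);
}

int main(void)
{
    /* Old and new buffer sizes from the patch. */
    printf("EXT2_NAME_LEN + 16: %d\n", worst_case_into(EXT2_NAME_LEN + 16));
    printf("EXT2_NAME_LEN + 64: %d\n", worst_case_into(EXT2_NAME_LEN + 64));
    return 0;
}
```
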