diff options
| author | Florian Zumbiehl <florz@florz.de> | 2009-09-02 22:52:55 +0200 |
|---|---|---|
| committer | Karel Zak <kzak@redhat.com> | 2009-09-02 22:56:19 +0200 |
| commit | 3096d61a916feffff300b9e1ce8ca57f7fdbf2bc (patch) | |
| tree | 25dda6e968e67f69a989339ea71ea991bdf1d06b | |
| parent | e94e99523d8a3d0218fe16b0a7a2c5886ccbc652 (diff) | |
| download | util-linux-old-3096d61a916feffff300b9e1ce8ca57f7fdbf2bc.tar.gz | |
libblkid: fix buffer overflow in blkid_encode_string()
[kzak@redhat.com: - this is patch is originally from udev repository
commit 8cfcf9980a3a7037a12a3052c38e4981cb0f0190]
Signed-off-by: Karel Zak <kzak@redhat.com>
| -rw-r--r-- | shlibs/blkid/src/encode.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/shlibs/blkid/src/encode.c b/shlibs/blkid/src/encode.c index d45a292e..0317be1f 100644 --- a/shlibs/blkid/src/encode.c +++ b/shlibs/blkid/src/encode.c @@ -243,28 +243,35 @@ int blkid_encode_string(const char *str, char *str_enc, size_t len) { size_t i, j; - if (str == NULL || str_enc == NULL || len == 0) + if (str == NULL || str_enc == NULL) return -1; - str_enc[0] = '\0'; for (i = 0, j = 0; str[i] != '\0'; i++) { int seqlen; seqlen = utf8_encoded_valid_unichar(&str[i]); if (seqlen > 1) { + if (len-j < (size_t)seqlen) + goto err; memcpy(&str_enc[j], &str[i], seqlen); j += seqlen; i += (seqlen-1); } else if (str[i] == '\\' || !is_whitelisted(str[i], NULL)) { + if (len-j < 4) + goto err; sprintf(&str_enc[j], "\\x%02x", (unsigned char) str[i]); j += 4; } else { + if (len-j < 1) + goto err; str_enc[j] = str[i]; j++; } if (j+3 >= len) goto err; } + if (len-j < 1) + goto err; str_enc[j] = '\0'; return 0; err: |