svn commit: r225121 - head/usr.sbin/makefs

Tue, 23 Aug 2011 12:49:32 -0700 

Author: mm
Date: Tue Aug 23 19:49:06 2011
New Revision: 225121
URL: http://svn.freebsd.org/changeset/base/225121

Log:
  Fix buffer overflow and possible ISO image corruption in wrong
  handling of "." character case in makefs ISO level 1 and 2 filename
  conversion.
  
  Filed as NetBSD PR #45285
  http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=45285
  
  Reviewed by:  Christos Zoulas <chris...@netbsd.org>
  Approved by:  re (kib)
  MFC after:    3 days

Modified:
  head/usr.sbin/makefs/cd9660.c

Modified: head/usr.sbin/makefs/cd9660.c
==============================================================================
--- head/usr.sbin/makefs/cd9660.c       Tue Aug 23 19:29:11 2011        
(r225120)
+++ head/usr.sbin/makefs/cd9660.c       Tue Aug 23 19:49:06 2011        
(r225121)
@@ -1627,7 +1627,7 @@ cd9660_level1_convert_filename(const cha
        int extlen = 0;
        int found_ext = 0;
 
-       while (*oldname != '\0') {
+       while (*oldname != '\0' && extlen < 3) {
                /* Handle period first, as it is special */
                if (*oldname == '.') {
                        if (found_ext) {
@@ -1644,10 +1644,8 @@ cd9660_level1_convert_filename(const cha
                            *oldname == ',' && strlen(oldname) == 4)
                                break;
                        /* Enforce 12.3 / 8 */
-                       if (((namelen == 8) && !found_ext) ||
-                           (found_ext && extlen == 3)) {
+                       if (namelen == 8 && !found_ext)
                                break;
-                       }
 
                        if (islower((unsigned char)*oldname))
                                *newname++ = toupper((unsigned char)*oldname);
@@ -1690,7 +1688,7 @@ cd9660_level2_convert_filename(const cha
        int extlen = 0;
        int found_ext = 0;
 
-       while (*oldname != '\0') {
+       while (*oldname != '\0' && namelen + extlen < 30) {
                /* Handle period first, as it is special */
                if (*oldname == '.') {
                        if (found_ext) {
@@ -1710,8 +1708,6 @@ cd9660_level2_convert_filename(const cha
                        if (diskStructure.archimedes_enabled &&
                            *oldname == ',' && strlen(oldname) == 4)
                                break;
-                       if ((namelen + extlen) == 30)
-                               break;
 
                         if (islower((unsigned char)*oldname))
                                *newname++ = toupper((unsigned char)*oldname);
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to