In case the filename is too long, longer than PATH_MAX - 1, it
would overflow dirs->dirname array. Add missing check and also
use strncpy() to prevent the overflow in any case.
Fixes CID 550305: Security best practices violations (STRING_OVERFLOW)
Signed-off-by: Marek Vasut <ma...@denx.de>
---
Cc: Tom Rini <tr...@konsulko.com>
Cc: u-boot@lists.denx.de
---
fs/exfat/io.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/exfat/io.c b/fs/exfat/io.c
index c56f5675987..77cd2dfb6dc 100644
--- a/fs/exfat/io.c
+++ b/fs/exfat/io.c
@@ -720,6 +720,9 @@ int exfat_fs_opendir(const char *filename, struct
fs_dir_stream **dirsp)
struct exfat_node *dnode;
int err;
+ if (strlen(filename) >= PATH_MAX)
+ return -ENAMETOOLONG;
+
err = exfat_lookup_realpath(&ctxt.ef, &dnode, filename);
if (err)
return err;
@@ -736,7 +739,7 @@ int exfat_fs_opendir(const char *filename, struct
fs_dir_stream **dirsp)
if (!dirs)
return -ENOMEM;
- strcpy(dirs->dirname, filename);
+ strncpy(dirs->dirname, filename, PATH_MAX - 1);
dirs->offset = -1;
*dirsp = &dirs->fs_dirs;
--
2.47.2
