Check long file names for buffer overflow

Michael Chisholm 2007-03-14 10:51:45 +00:00
parent be7f9f10fb
commit 4191c6de84


@ -40,6 +40,9 @@
2006-10-28 - Chishm 2006-10-28 - Chishm
* stat returns the hostType for the st_dev value * stat returns the hostType for the st_dev value
2007-03-14 - Chishm
* Check long file names for buffer overflow
*/ */
#include <string.h> #include <string.h>
@ -56,6 +59,9 @@
#define DIR_ENTRY_LAST 0x00 #define DIR_ENTRY_LAST 0x00
#define DIR_ENTRY_FREE 0xE5 #define DIR_ENTRY_FREE 0xE5
#define LAST_LFN_POS (19*13)
#define LAST_LFN_POS_CORRECTION (MAX_FILENAME_LENGTH-15)
// Long file name directory entry // Long file name directory entry
enum LFN_offset { enum LFN_offset {
@ -278,13 +284,21 @@ bool _FAT_directory_getNextEntry (PARTITION* partition, DIR_ENTRY* entry) {
// Last part of LFN, make sure it isn't deleted using previous if(Thanks MoonLight) // Last part of LFN, make sure it isn't deleted using previous if(Thanks MoonLight)
entryStart = entryEnd; // This is the start of a directory entry entryStart = entryEnd; // This is the start of a directory entry
lfnExists = true; lfnExists = true;
filename[(entryData[LFN_offset_ordinal] & ~LFN_END) * 13] = '\0'; // Set end of lfn to null character lfnPos = (entryData[LFN_offset_ordinal] & ~LFN_END) * 13;
if (lfnPos > MAX_FILENAME_LENGTH - 1) {
lfnPos = MAX_FILENAME_LENGTH - 1;
}
filename[lfnPos] = '\0'; // Set end of lfn to null character
lfnChkSum = entryData[LFN_offset_checkSum]; lfnChkSum = entryData[LFN_offset_checkSum];
} if (lfnChkSum != entryData[LFN_offset_checkSum]) { } if (lfnChkSum != entryData[LFN_offset_checkSum]) {
lfnExists = false; lfnExists = false;
} }
if (lfnExists) { if (lfnExists) {
lfnPos = ((entryData[LFN_offset_ordinal] & ~LFN_END) - 1) * 13; lfnPos = ((entryData[LFN_offset_ordinal] & ~LFN_END) - 1) * 13;
if (lfnPos > LAST_LFN_POS) {
// Force it within the buffer. Will corrupt the filename but prevent buffer overflows
lfnPos = LAST_LFN_POS;
}
for (i = 0; i < 13; i++) { for (i = 0; i < 13; i++) {
filename[lfnPos + i] = entryData[LFN_offset_table[i]]; // modify this for unicode support; filename[lfnPos + i] = entryData[LFN_offset_table[i]]; // modify this for unicode support;
} }
@ -391,6 +405,9 @@ bool _FAT_directory_entryFromPosition (PARTITION* partition, DIR_ENTRY* entry) {
} else { } else {
// Copy the long file name data // Copy the long file name data
lfnPos = ((entryData[LFN_offset_ordinal] & ~LFN_END) - 1) * 13; lfnPos = ((entryData[LFN_offset_ordinal] & ~LFN_END) - 1) * 13;
if (lfnPos > LAST_LFN_POS) {
lfnPos = LAST_LFN_POS_CORRECTION;
}
for (i = 0; i < 13; i++) { for (i = 0; i < 13; i++) {
entry->filename[lfnPos + i] = entryData[LFN_offset_table[i]]; // modify this for unicode support; entry->filename[lfnPos + i] = entryData[LFN_offset_table[i]]; // modify this for unicode support;
} }
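Review bot: The new clamp `if (lfnPos > LAST_LFN_POS)` in _FAT_directory_getNextEntry still lets the 13-byte copy loop start at offset 247 (19*13) and write up to index 259, which is in bounds only if filename holds at least 260 bytes. MAX_FILENAME_LENGTH is defined outside this page, but the sibling clamp in _FAT_directory_entryFromPosition falls back to `LAST_LFN_POS_CORRECTION` (MAX_FILENAME_LENGTH-15) instead, so the two paths disagree and the buffer is presumably smaller than 260. Neither guard has a lower bound: an on-disk ordinal of 0 makes `((entryData[LFN_offset_ordinal] & ~LFN_END) - 1) * 13` evaluate to -13, which passes the `>` test if lfnPos is a signed type (its declaration is not in these hunks). I would tie both checks to the buffer size with `if (lfnPos < 0 || lfnPos + 13 > MAX_FILENAME_LENGTH)` and, when it fires, treat the long name as invalid and skip the copy loop rather than writing the fragment at a forced offset. Both function bodies start and end outside the hunks shown.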