diff options
| author | Aidan MacDonald <amachronic@protonmail.com> | 2021-07-24 14:49:32 +0100 |
|---|---|---|
| committer | Aidan MacDonald <amachronic@protonmail.com> | 2021-08-04 19:04:48 +0000 |
| commit | 429a7e2c0a83f70b0dc15c5287547fafcac80a9c (patch) | |
| tree | f92b3f013204e1d3b16bb11a6ecd8f820003f800 | |
| parent | bdd9c8dfc8abc7b066334820bd93e4394571a46b (diff) | |
| download | rockbox-429a7e2c0a83f70b0dc15c5287547fafcac80a9c.tar.gz rockbox-429a7e2c0a83f70b0dc15c5287547fafcac80a9c.zip | |
Avoid buffer overflow when generating bookmark file name
Change-Id: I14f3d83a8089d33f4e900a1d5f965e67082a07ea
| -rw-r--r-- | apps/bookmark.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/apps/bookmark.c b/apps/bookmark.c index 07751c2d4c..dece69dce6 100644 --- a/apps/bookmark.c +++ b/apps/bookmark.c | |||
| @@ -1103,12 +1103,10 @@ static bool parse_bookmark(const char *bookmark, const bool parse_filenames, con | |||
| 1103 | /* Changing this function could result in how the bookmarks are stored. */ | 1103 | /* Changing this function could result in how the bookmarks are stored. */ |
| 1104 | /* it would be here that the centralized/decentralized bookmark code */ | 1104 | /* it would be here that the centralized/decentralized bookmark code */ |
| 1105 | /* could be placed. */ | 1105 | /* could be placed. */ |
| 1106 | /* Always returns true */ | 1106 | /* Returns true if the file name is generated, false if it was too long */ |
| 1107 | /* ----------------------------------------------------------------------- */ | 1107 | /* ----------------------------------------------------------------------- */ |
| 1108 | static bool generate_bookmark_file_name(const char *in) | 1108 | static bool generate_bookmark_file_name(const char *in) |
| 1109 | { | 1109 | { |
| 1110 | int len = strlen(in); | ||
| 1111 | |||
| 1112 | /* if this is a root dir MP3, rename the bookmark file root_dir.bmark */ | 1110 | /* if this is a root dir MP3, rename the bookmark file root_dir.bmark */ |
| 1113 | /* otherwise, name it based on the in variable */ | 1111 | /* otherwise, name it based on the in variable */ |
| 1114 | if (!strcmp("/", in)) | 1112 | if (!strcmp("/", in)) |
| @@ -1121,15 +1119,24 @@ static bool generate_bookmark_file_name(const char *in) | |||
| 1121 | path_strip_volume(in, &filename, true); | 1119 | path_strip_volume(in, &filename, true); |
| 1122 | bool volume_root = *filename == '\0'; | 1120 | bool volume_root = *filename == '\0'; |
| 1123 | #endif | 1121 | #endif |
| 1124 | strcpy(global_bookmark_file_name, in); | 1122 | size_t len = strlcpy(global_bookmark_file_name, in, MAX_PATH); |
| 1125 | if(global_bookmark_file_name[len-1] == '/') | 1123 | if(len >= MAX_PATH) |
| 1124 | return false; | ||
| 1125 | |||
| 1126 | if(global_bookmark_file_name[len-1] == '/') { | ||
| 1127 | global_bookmark_file_name[len-1] = '\0'; | ||
| 1126 | len--; | 1128 | len--; |
| 1129 | } | ||
| 1130 | |||
| 1127 | #ifdef HAVE_MULTIVOLUME | 1131 | #ifdef HAVE_MULTIVOLUME |
| 1128 | if (volume_root) | 1132 | if (volume_root) |
| 1129 | strcpy(&global_bookmark_file_name[len], "/volume_dir.bmark"); | 1133 | len = strlcat(global_bookmark_file_name, "/volume_dir.bmark", MAX_PATH); |
| 1130 | else | 1134 | else |
| 1131 | #endif | 1135 | #endif |
| 1132 | strcpy(&global_bookmark_file_name[len], ".bmark"); | 1136 | len = strlcat(global_bookmark_file_name, ".bmark", MAX_PATH); |
| 1137 | |||
| 1138 | if(len >= MAX_PATH) | ||
| 1139 | return false; | ||
| 1133 | } | 1140 | } |
| 1134 | 1141 | ||
| 1135 | return true; | 1142 | return true; |