author | Aidan MacDonald <amachronic@protonmail.com> | 2021-07-24 14:49:32 +0100 |
---|---|---|
committer | Aidan MacDonald <amachronic@protonmail.com> | 2021-08-04 19:04:48 +0000 |
commit | 429a7e2c0a83f70b0dc15c5287547fafcac80a9c (patch) | |
tree | f92b3f013204e1d3b16bb11a6ecd8f820003f800 /apps/bookmark.c | |
parent | bdd9c8dfc8abc7b066334820bd93e4394571a46b (diff) | |
Avoid buffer overflow when generating bookmark file name
Change-Id: I14f3d83a8089d33f4e900a1d5f965e67082a07ea
Diffstat (limited to 'apps/bookmark.c')
-rw-r--r-- | apps/bookmark.c | 21 |
1 files changed, 14 insertions, 7 deletions
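--- a/apps/bookmark.c
+++ b/apps/bookmark.c
@@ -1103,12 +1103,10 @@ static bool parse_bookmark(const char *bookmark, const bool parse_filenames, con
 /* Changing this function could result in how the bookmarks are stored. */
 /* it would be here that the centralized/decentralized bookmark code */
 /* could be placed. */
-/* Always returns true */
+/* Returns true if the file name is generated, false if it was too long */
 /* ----------------------------------------------------------------------- */
 static bool generate_bookmark_file_name(const char *in)
 {
-int len = strlen(in);
-
 /* if this is a root dir MP3, rename the bookmark file root_dir.bmark */
 /* otherwise, name it based on the in variable */
 if (!strcmp("/", in))
@@ -1121,15 +1119,24 @@ static bool generate_bookmark_file_name(const char *in)
 path_strip_volume(in, &filename, true);
 bool volume_root = *filename == '\0';
 #endif
-strcpy(global_bookmark_file_name, in);
+size_t len = strlcpy(global_bookmark_file_name, in, MAX_PATH);
-if(global_bookmark_file_name[len-1] == '/')
+if(len >= MAX_PATH)
+return false;
+
+if(global_bookmark_file_name[len-1] == '/') {
+global_bookmark_file_name[len-1] = '\0';
 len--;
+}
+
 #ifdef HAVE_MULTIVOLUME
 if (volume_root)
-strcpy(&global_bookmark_file_name[len], "/volume_dir.bmark");
+len = strlcat(global_bookmark_file_name, "/volume_dir.bmark", MAX_PATH);
 else
 #endif
-strcpy(&global_bookmark_file_name[len], ".bmark");
+len = strlcat(global_bookmark_file_name, ".bmark", MAX_PATH);
+
+if(len >= MAX_PATH)
+return false;
 }
 
 return true;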
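Review bot: In the second hunk, `global_bookmark_file_name[len-1]` is still evaluated without checking that `len` is non-zero; now that `len` is a `size_t`, an empty `in` would make the index wrap to `SIZE_MAX`, and the newly added store of `'\0'` could then land outside the buffer. Whether an empty path can reach this branch depends on callers not visible here, but the guard is cheap: `if(len > 0 && global_bookmark_file_name[len-1] == '/') {`. Separately, both `return false` paths leave a truncated name in the global buffer, and since the old comment said the function always returned true, existing callers may not test the result; consider `global_bookmark_file_name[0] = '\0';` before each early return, or confirm that every caller checks the return value. The bound also assumes the buffer is exactly `MAX_PATH` bytes, which its declaration (not shown) should confirm. The function's middle lines and its end fall outside the two hunks.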