Date:      Mon, 29 Aug 2011 20:00:57 +0000 (UTC)
From:      Martin Matuska <mm@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r225250 - stable/7/usr.sbin/makefs
Message-ID:  <201108292000.p7TK0vvW010579@svn.freebsd.org>

Author: mm
Date: Mon Aug 29 20:00:57 2011
New Revision: 225250
URL: http://svn.freebsd.org/changeset/base/225250

Log:
  Fix buffer overflow and possible ISO image corruption in wrong
  handling of "." character case in makefs ISO level 1 and 2 filename
  conversion.
  
  Filed as NetBSD PR #45285
  http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=45285
  
  Reviewed by:	Christos Zoulas <christos@netbsd.org>

Modified:
  stable/7/usr.sbin/makefs/cd9660.c
Directory Properties:
  stable/7/usr.sbin/makefs/   (props changed)

Modified: stable/7/usr.sbin/makefs/cd9660.c
==============================================================================
--- stable/7/usr.sbin/makefs/cd9660.c	Mon Aug 29 20:00:29 2011	(r225249)
+++ stable/7/usr.sbin/makefs/cd9660.c	Mon Aug 29 20:00:57 2011	(r225250)
@@ -1627,7 +1627,7 @@ cd9660_level1_convert_filename(const cha
 	int extlen = 0;
 	int found_ext = 0;
 
-	while (*oldname != '\0') {
+	while (*oldname != '\0' && extlen < 3) {
 		/* Handle period first, as it is special */
 		if (*oldname == '.') {
 			if (found_ext) {
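Review bot: The limit on writes through `newname` is now carried only by the literal `3` in this loop condition and the literal `30` in the `cd9660_level2_convert_filename` loop, and neither function states how many bytes it may store or checks that against the destination's size, which is not visible in these hunks. Because the overflow fixed here came from that implicit contract, I would add a comment above each loop along the lines of `/* stores at most 8 name chars, one '.', and 3 extension chars; newname must also hold anything appended after the loop */`, adjusted to what the rest of the body does. In the level-2 loop the bound counts `namelen + extlen` only, so if the first-period path stores '.' without bumping either counter (that part of the branch is outside the hunk), the bytes written exceed 30 by one, which the comment should say explicitly. Named constants for 8, 3 and 30 would also keep the remaining in-loop `namelen == 8` check and the loop bounds from drifting apart. Both function bodies start and end outside the hunks shown.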
@@ -1644,10 +1644,8 @@ cd9660_level1_convert_filename(const cha
 			    *oldname == ',' && strlen(oldname) == 4)
 				break;
 			/* Enforce 12.3 / 8 */
-			if (((namelen == 8) && !found_ext) ||
-			    (found_ext && extlen == 3)) {
+			if (namelen == 8 && !found_ext)
 				break;
-			}
 
 			if (islower((unsigned char)*oldname))
 				*newname++ = toupper((unsigned char)*oldname);
@@ -1690,7 +1688,7 @@ cd9660_level2_convert_filename(const cha
 	int extlen = 0;
 	int found_ext = 0;
 
-	while (*oldname != '\0') {
+	while (*oldname != '\0' && namelen + extlen < 30) {
 		/* Handle period first, as it is special */
 		if (*oldname == '.') {
 			if (found_ext) {
@@ -1710,8 +1708,6 @@ cd9660_level2_convert_filename(const cha
 			if (diskStructure.archimedes_enabled &&
 			    *oldname == ',' && strlen(oldname) == 4)
 				break;
-			if ((namelen + extlen) == 30)
-				break;
 
 			 if (islower((unsigned char)*oldname))
 				*newname++ = toupper((unsigned char)*oldname);


