---
virtio/9p.c | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/virtio/9p.c b/virtio/9p.c
index 87a579f..781ca2f 100644
--- a/virtio/9p.c
+++ b/virtio/9p.c
@@ -91,13 +91,16 @@ static struct p9_fid *get_fid(struct p9_dev *p9dev, int fid)
return new;
}
-/* Warning: Immediately use value returned from this function */
-static const char *rel_to_abs(struct p9_dev *p9dev,
- const char *path, char *abs_path)
+static int rel_to_abs(struct p9_dev *p9dev, const char *path, char *abs_path,
+ size_t size)
{
- sprintf(abs_path, "%s/%s", p9dev->root_dir, path);
+ int ret;
+
+ ret = snprintf(abs_path, size, "%s/%s", p9dev->root_dir, path);
+ if (ret >= (int)size)
+ return -1;
- return abs_path;
+ return 0;
}
static void stat2qid(struct stat *st, struct p9_qid *qid)
@@ -449,7 +452,12 @@ static void virtio_p9_walk(struct p9_dev *p9dev,
free(str);
- if (lstat(rel_to_abs(p9dev, tmp, full_path), &st) < 0)
+ if (rel_to_abs(p9dev, tmp, full_path, sizeof(full_path)) != 0) {
+ errno = ENAMETOOLONG;
+ goto err_out;
+ }
+
+ if (lstat(full_path, &st) < 0)
goto err_out;
stat2qid(&st, &wqid);
@@ -634,7 +642,11 @@ static void virtio_p9_readdir(struct p9_dev *p9dev,
break;
}
old_offset = dent->d_off;
- lstat(rel_to_abs(p9dev, dent->d_name, full_path), &st);
+ if (rel_to_abs(p9dev, dent->d_name, full_path, sizeof(full_path)) != 0) {
+ errno = ENAMETOOLONG;
+ goto err_out;
+ }
+ lstat(full_path, &st);
stat2qid(&st, &qid);
read = pdu->write_offset;
virtio_p9_pdu_writef(pdu, "Qqbs", &qid, dent->d_off,
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
