d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix off-by-one error in msdosfs FAT32 volume label copying

Browse Source 
I dropped the + 1 from the other two instances in each file but failed
to do so for this one, resulting in a more egregious buffer overread
than the one I was fixing (since the read character ended up in the
output if there was space).

Reported by:	Jenkins
Fixes:	34fb1c133c ("Fix intra-object buffer overread for labeled msdosfs volumes")
This commit is contained in:
Jessica Clarke 2021-10-28 01:01:00 +01:00
parent 4827bf76bc
commit 63d24336fd
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/geom/label/g_label_msdosfs.c
View File

@ -136,7 +136,7 @@ g_label_msdosfs_taste(struct g_consumer *cp, char *label, size_t size)
if (strncmp(pfat32_bsbpb->BS_VolLab, LABEL_NO_NAME,
sizeof(pfat32_bsbpb->BS_VolLab)) != 0) {
copysize = MIN(size - 1,
sizeof(pfat32_bsbpb->BS_VolLab) + 1);
sizeof(pfat32_bsbpb->BS_VolLab));
memcpy(label, pfat32_bsbpb->BS_VolLab, copysize);
label[copysize] = '\0';
goto endofchecks;

2
usr.sbin/fstyp/msdosfs.c
View File

@ -104,7 +104,7 @@ fstyp_msdosfs(FILE *fp, char *label, size_t size)
if (strncmp(pfat32_bsbpb->BS_VolLab, LABEL_NO_NAME,
sizeof(pfat32_bsbpb->BS_VolLab)) != 0) {
copysize = MIN(size - 1,
sizeof(pfat32_bsbpb->BS_VolLab) + 1);
sizeof(pfat32_bsbpb->BS_VolLab));
memcpy(label, pfat32_bsbpb->BS_VolLab, copysize);
label[copysize] = '\0';
goto endofchecks;