Skip to content

Commit eecb9cb

Browse files
FiliprogrammerFiliprogrammer
committed
Fix a buffer overflow in the fileManager
1 parent 56f1094 commit eecb9cb

File tree

1 file changed

+30
-30
lines changed

1 file changed

+30
-30
lines changed

kernel/src/fileManager.c

Lines changed: 30 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -92,11 +92,11 @@ uint8_t file_create(file_t* file_inst, char* filepath){
9292
Partition_t* partition = fileManage_getPartition(filepath);
9393
if(partition == 0) return 0;
9494

95-
uint8_t tmp_filepath_len = strlen(filepath)-2;
96-
char tmp_filepath[tmp_filepath_len];
97-
for(uint8_t i = 0; i < tmp_filepath_len+1; ++i){
98-
tmp_filepath[i] = filepath[i+3];
99-
}
95+
uint8_t tmp_filepath_len = MAX(strlen(filepath), 3) - 3;
96+
char tmp_filepath[tmp_filepath_len + 1];
97+
for(uint8_t i = 0; i < tmp_filepath_len; ++i)
98+
tmp_filepath[i] = filepath[i + 3];
99+
tmp_filepath[tmp_filepath_len] = 0;
100100
//file_t* file_inst = malloc(sizeof(file_t), 0);
101101
if(partition->createFile(partition->inst, tmp_filepath, file_inst) == 0){
102102
//free(file_inst);
@@ -110,11 +110,11 @@ uint8_t file_find(file_t* file_inst, char* filepath){
110110
Partition_t* partition = fileManage_getPartition(filepath);
111111
if(partition == 0) return 0;
112112

113-
uint8_t tmp_filepath_len = strlen(filepath)-2;
114-
char tmp_filepath[tmp_filepath_len];
115-
for(uint8_t i = 0; i < tmp_filepath_len+1; ++i){
116-
tmp_filepath[i] = filepath[i+3];
117-
}
113+
uint8_t tmp_filepath_len = MAX(strlen(filepath), 3) - 3;
114+
char tmp_filepath[tmp_filepath_len + 1];
115+
for(uint8_t i = 0; i < tmp_filepath_len; ++i)
116+
tmp_filepath[i] = filepath[i + 3];
117+
tmp_filepath[tmp_filepath_len] = 0;
118118

119119
//file_t* file_inst = malloc(sizeof(file_t), 0);
120120
if(partition->findFile(partition->inst, tmp_filepath, file_inst) == 0){
@@ -133,23 +133,23 @@ uint8_t file_isDirectory(char* filepath){
133133
Partition_t* partition = fileManage_getPartition(filepath);
134134
if(partition == 0) return 0;
135135

136-
uint8_t tmp_filepath_len = strlen(filepath)-2;
137-
char tmp_filepath[tmp_filepath_len];
138-
for(uint8_t i = 0; i < tmp_filepath_len+1; ++i){
139-
tmp_filepath[i] = filepath[i+3];
140-
}
136+
uint8_t tmp_filepath_len = MAX(strlen(filepath), 3) - 3;
137+
char tmp_filepath[tmp_filepath_len + 1];
138+
for(uint8_t i = 0; i < tmp_filepath_len; ++i)
139+
tmp_filepath[i] = filepath[i + 3];
140+
tmp_filepath[tmp_filepath_len] = 0;
141141
return partition->isDirectory(partition->inst, tmp_filepath);
142142
}
143143

144144
uint8_t file_createDirectory(char* filepath){
145145
Partition_t* partition = fileManage_getPartition(filepath);
146146
if(partition == 0) return 0;
147147

148-
uint8_t tmp_filepath_len = strlen(filepath)-2;
149-
char tmp_filepath[tmp_filepath_len];
150-
for(uint8_t i = 0; i < tmp_filepath_len+1; ++i){
151-
tmp_filepath[i] = filepath[i+3];
152-
}
148+
uint8_t tmp_filepath_len = MAX(strlen(filepath), 3) - 3;
149+
char tmp_filepath[tmp_filepath_len + 1];
150+
for(uint8_t i = 0; i < tmp_filepath_len; ++i)
151+
tmp_filepath[i] = filepath[i + 3];
152+
tmp_filepath[tmp_filepath_len] = 0;
153153
//return 0; // just for debugging
154154
return partition->createDirectory(partition->inst, tmp_filepath);
155155
}
@@ -158,11 +158,11 @@ uint8_t file_findByIndex(file_t* file_inst, char* dirpath, uint32_t index){
158158
Partition_t* partition = fileManage_getPartition(dirpath);
159159
if(partition == 0) return 0;
160160

161-
uint8_t tmp_filepath_len = strlen(dirpath)-2;
162-
char tmp_filepath[tmp_filepath_len];
163-
for(uint8_t i = 0; i < tmp_filepath_len+1; ++i){
164-
tmp_filepath[i] = dirpath[i+3];
165-
}
161+
uint8_t tmp_filepath_len = MAX(strlen(dirpath), 3) - 3;
162+
char tmp_filepath[tmp_filepath_len + 1];
163+
for(uint8_t i = 0; i < tmp_filepath_len; ++i)
164+
tmp_filepath[i] = dirpath[i + 3];
165+
tmp_filepath[tmp_filepath_len] = 0;
166166
if(!partition->findFileByIndex(partition->inst, file_inst, tmp_filepath, index)){
167167
return 0; // Failed
168168
}
@@ -214,11 +214,11 @@ uint8_t file_delete(char* filepath){
214214
Partition_t* partition = fileManage_getPartition(filepath);
215215
if(partition == 0) return 0;
216216

217-
uint8_t tmp_filepath_len = strlen(filepath)-2;
218-
char tmp_filepath[tmp_filepath_len];
219-
for(uint8_t i = 0; i < tmp_filepath_len+1; ++i){
220-
tmp_filepath[i] = filepath[i+3];
221-
}
217+
uint8_t tmp_filepath_len = MAX(strlen(filepath), 3) - 3;
218+
char tmp_filepath[tmp_filepath_len + 1];
219+
for(uint8_t i = 0; i < tmp_filepath_len; ++i)
220+
tmp_filepath[i] = filepath[i + 3];
221+
tmp_filepath[tmp_filepath_len] = 0;
222222

223223
partition->deleteFile(partition->inst, tmp_filepath);
224224
return 1;

0 commit comments

Comments
 (0)