diff options
| author | dzwdz | 2022-09-15 23:22:49 +0200 |
|---|---|---|
| committer | dzwdz | 2022-09-15 23:22:49 +0200 |
| commit | fa6f5ea3580716becc512b9018d0689c243225a1 (patch) | |
| tree | b3daa94431ee188524fdca207963c77e2644f64a | |
| parent | 6c7c19e4378b9b9640dc0b250d09264f5cd99572 (diff) | |
user/tmpfs: fix buffer overflow
| -rw-r--r-- | src/user/app/tmpfs/tmpfs.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/user/app/tmpfs/tmpfs.c b/src/user/app/tmpfs/tmpfs.c index 606d682..0d3fe36 100644 --- a/src/user/app/tmpfs/tmpfs.c +++ b/src/user/app/tmpfs/tmpfs.c @@ -38,6 +38,7 @@ static struct node *lookup(struct node *parent, const char *path, size_t len) { } static struct node *tmpfs_open(const char *path, struct fs_wait_response *res) { + /* *path is not null terminated! */ struct node *node = &special_root; if (res->len == 0) return NULL; if (res->len == 1) return node; @@ -48,7 +49,7 @@ static struct node *tmpfs_open(const char *path, struct fs_wait_response *res) { size_t segpos = 0, seglen; /* segments end with a slash, inclusive */ while (more) { struct node *const parent = node; - char *slash = memchr(path + segpos, '/', res->len); + char *slash = memchr(path + segpos, '/', res->len - segpos); seglen = (slash ? (size_t)(slash - path + 1) : res->len) - segpos; more = segpos + seglen < res->len; |