mtd-utils: Add checks to code that copies strings into fixed sized buffers
authorDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>
Sat, 25 Jan 2020 13:46:31 +0000 (14:46 +0100)
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>
Sun, 9 Feb 2020 21:13:18 +0000 (22:13 +0100)
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
jffsX-utils/jffs2dump.c
ubi-utils/ubirename.c

index ad7a9e32a7cac2b183a5fb4fd79efc656be4fcf8..d30b59f69dbcb6f5482e3fe0bfdfff0a27b64720 100644 (file)
@@ -149,7 +149,8 @@ static void process_options (int argc, char *argv[])
                                break;
                        case 'e':
                                convertendian = 1;
-                               strcpy (cnvfile, optarg);
+                               strncpy (cnvfile, optarg, sizeof(cnvfile) - 1);
+                               cnvfile[sizeof(cnvfile) - 1] = '\0';
                                break;
                        case 'r':
                                recalccrc = 1;
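Review bot: The `-e` branch now truncates an over-long `optarg` silently, so the tool would carry on with a `cnvfile` path that differs from the one the user supplied instead of failing. Rejecting the argument is safer and matches what the ubirename.c hunk in this commit does: test `if (strlen(optarg) >= sizeof(cnvfile))` before the copy and report the error and exit with whatever helper this file already uses. Also note that `sizeof(cnvfile)` is the buffer size only if `cnvfile` is declared as an array; its declaration is outside the hunk, so confirm it is not a pointer. The body of process_options continues beyond the lines shown here.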
index f88ef82ce5171166420cbe18bef472493ab495ac..97bf030b70693dbe6e03582fcc9e3ecf238ea671 100644 (file)
@@ -126,6 +126,13 @@ int main(int argc, char * const argv[])
 
                rnvol.ents[count].vol_id = err;
                rnvol.ents[count].name_len = strlen(argv[i + 1]);
+
+               if (rnvol.ents[count].name_len >=
+                   sizeof(rnvol.ents[count].name)) {
+                       errmsg("\"%s\" volume name too long", argv[i + 1]);
+                       goto out_libubi;
+               }
+
                strcpy(rnvol.ents[count++].name, argv[i + 1]);
        }
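Review bot: The new check reads `rnvol.ents[count].name_len` only after the `size_t` result of `strlen()` has been stored in it. If that field is narrower than `size_t` (its declaration is not in the hunk), a very long argument can wrap to a small value, pass the check and still overrun `name` in the `strcpy` below. Take the length in a local first, `size_t len = strlen(argv[i + 1]);`, test `if (len >= sizeof(rnvol.ents[count].name))`, and assign `name_len = len;` only once the check has passed. The enclosing loop in main and the `out_libubi` label lie outside the hunk.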