github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-08-16 15:21:48 +00:00
Code Issues Projects Releases Wiki Activity

DM: fix buffer overflow risk issues in hugetlb.c

Browse Source 
Add buffer boundaries to avoid overflow

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
Yonghua Huang 2018-05-21 23:49:58 +08:00 committed by lijinxia
parent cd07c2c9a4
commit 160df8433a
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
devicemodel/core/hugetlb.c
View File

@ -119,7 +119,7 @@ static int open_hugetlbfs(struct vmctx *ctx, int level)
strncpy(path, hugetlb_priv[level].mount_path, MAX_PATH_LEN); strncpy(path, hugetlb_priv[level].mount_path, MAX_PATH_LEN);
/* UUID will use 32 bytes */ /* UUID will use 32 bytes */
if (strlen(path) + 32 > MAX_PATH_LEN) { if (strnlen(path, MAX_PATH_LEN) + 32 > MAX_PATH_LEN) {
perror("PATH overflow"); perror("PATH overflow");
return -ENOMEM; return -ENOMEM;
} }
@ -298,9 +298,10 @@ static int create_hugetlb_dirs(int level)
return -EINVAL; return -EINVAL;
} }
strcpy(tmp_path, path); memset(tmp_path, '\0', MAX_PATH_LEN);
strncpy(tmp_path, path, MAX_PATH_LEN - 1);
if (tmp_path[len - 1] != '/') if ((tmp_path[len - 1] != '/') && (strlen(tmp_path) < MAX_PATH_LEN - 1))
strcat(tmp_path, "/"); strcat(tmp_path, "/");
len = strlen(tmp_path); len = strlen(tmp_path);