From b413b040936f48d4cd9ed632ac579542c710efae Mon Sep 17 00:00:00 2001 From: Simon Goldschmidt Date: Wed, 29 Nov 2023 22:03:46 +0100 Subject: [PATCH] makefsdata: fix buffer corruption with very long paths See bug #64941 --- src/apps/http/makefsdata/makefsdata.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/apps/http/makefsdata/makefsdata.c b/src/apps/http/makefsdata/makefsdata.c index 240c72e4..c325ee86 100644 --- a/src/apps/http/makefsdata/makefsdata.c +++ b/src/apps/http/makefsdata/makefsdata.c @@ -895,6 +895,10 @@ static int is_ssi_file(const char *filename) /* build up the relative path to this file */ size_t sublen = strlen(curSubdir); size_t freelen = sizeof(curSubdir) - sublen - 1; + if (sublen + strlen(filename) + 1 >= sizeof(curSubdir)) { + /* prevent buffer overflow */ + return 0; + } strncat(curSubdir, "/", freelen); strncat(curSubdir, filename, freelen - 1); curSubdir[sizeof(curSubdir) - 1] = 0;