fs: fat_write: fix short name creation.

Truncate file names if the buffer size is exceeded to avoid a buffer
overflow.

Use Sphinx style function description.

Add a TODO comment.

Reported-by: CID 303779
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c
index 59cc0ba..b16a39d 100644 (file)
--- a/fs/fat/fat_write.c
+++ b/fs/fat/fat_write.c
@@ -50,8 +50,11 @@ static int disk_write(__u32 block, __u32 nr_blocks, void *buf)
        return ret;
 }
 
-/*
- * Set short name in directory entry
+/**
+ * set_name() - set short name in directory entry
+ *
+ * @dirent:    directory entry
+ * @filename:  long file name
  */
 static void set_name(dir_entry *dirent, const char *filename)
 {
@@ -66,7 +69,8 @@ static void set_name(dir_entry *dirent, const char *filename)
        if (len == 0)
                return;
 
-       strcpy(s_name, filename);
+       strncpy(s_name, filename, VFAT_MAXLEN_BYTES - 1);
+       s_name[VFAT_MAXLEN_BYTES - 1] = '\0';
        uppercase(s_name, len);
 
        period = strchr(s_name, '.');
@@ -87,6 +91,11 @@ static void set_name(dir_entry *dirent, const char *filename)
                memcpy(dirent->name, s_name, period_location);
        } else {
                memcpy(dirent->name, s_name, 6);
+               /*
+                * TODO: Translating two long names with the same first six
+                *       characters to the same short name is utterly wrong.
+                *       Short names must be unique.
+                */
                dirent->name[6] = '~';
                dirent->name[7] = '1';
        }