From: Sami Kerola <kerolasa@iki.fi>
Date: Sat, 3 Jan 2015 09:20:05 +0000 (+0000)
Subject: fsck.minix: fix segmentation fault
X-Git-Tag: v2.26-rc1~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=730ae9c899719a6e5e7b79f25bd280827d142ae8;p=thirdparty%2Futil-linux.git

fsck.minix: fix segmentation fault

Return from check_file() and check_file2() functions when maximum name
depth is reached.  The use unsafe strncpy() is also removed just to be on
safe side.

Addresses: https://bugs.debian.org/773892
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---

diff --git a/disk-utils/fsck.minix.c b/disk-utils/fsck.minix.c
index 9d47548848..ac2dc47fd1 100644
--- a/disk-utils/fsck.minix.c
+++ b/disk-utils/fsck.minix.c
@@ -112,6 +112,7 @@
 #include "all-io.h"
 #include "closestream.h"
 #include "rpmatch.h"
+#include "strutils.h"
 
 #define ROOT_INO 1
 #define YESNO_LENGTH 64
@@ -956,7 +957,9 @@ check_file(struct minix_inode *dir, unsigned int offset) {
 		ino = 0;
 	}
 	if (name_depth < MAX_DEPTH)
-		strncpy(name_list[name_depth], name, namelen);
+		xstrncpy(name_list[name_depth], name, namelen);
+	else
+		return;
 	name_depth++;
 	inode = get_inode(ino);
 	name_depth--;
@@ -981,7 +984,9 @@ check_file(struct minix_inode *dir, unsigned int offset) {
 	if (!inode)
 		return;
 	if (name_depth < MAX_DEPTH)
-		strncpy(name_list[name_depth], name, namelen);
+		xstrncpy(name_list[name_depth], name, namelen);
+	else
+		return;
 	name_depth++;
 	if (list) {
 		if (verbose)
@@ -1024,7 +1029,9 @@ check_file2(struct minix2_inode *dir, unsigned int offset) {
 		ino = 0;
 	}
 	if (name_depth < MAX_DEPTH)
-		strncpy(name_list[name_depth], name, namelen);
+		xstrncpy(name_list[name_depth], name, namelen);
+	else
+		return;
 	name_depth++;
 	inode = get_inode2(ino);
 	name_depth--;