From a38b1cbc5e917d945340a6dd9dba4274a2eb8789 Mon Sep 17 00:00:00 2001
From: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Date: Fri, 23 Aug 2019 13:23:58 +0200
Subject: Size accounting + alloc() overflow checking, round #2

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
---
 lib/fstree/get_path.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'lib/fstree/get_path.c')

diff --git a/lib/fstree/get_path.c b/lib/fstree/get_path.c
index decf92e..f464ade 100644
--- a/lib/fstree/get_path.c
+++ b/lib/fstree/get_path.c
@@ -7,9 +7,11 @@
 #include "config.h"
 
 #include "fstree.h"
+#include "util.h"
 
 #include <string.h>
 #include <stdlib.h>
+#include <errno.h>
 
 char *fstree_get_path(tree_node_t *node)
 {
@@ -21,14 +23,19 @@ char *fstree_get_path(tree_node_t *node)
 		return strdup("/");
 
 	for (it = node; it != NULL && it->parent != NULL; it = it->parent) {
-		len += strlen(it->name) + 1;
+		if (SZ_ADD_OV(len, strlen(it->name), &len) ||
+		    SZ_ADD_OV(len, 1, &len))
+			goto fail_ov;
 	}
 
-	str = malloc(len + 1);
+	if (SZ_ADD_OV(len, 1, &len))
+		goto fail_ov;
+
+	str = malloc(len);
 	if (str == NULL)
 		return NULL;
 
-	ptr = str + len;
+	ptr = str + len - 1;
 	*ptr = '\0';
 
 	for (it = node; it != NULL && it->parent != NULL; it = it->parent) {
@@ -40,4 +47,7 @@ char *fstree_get_path(tree_node_t *node)
 	}
 
 	return str;
+fail_ov:
+	errno = EOVERFLOW;
+	return NULL;
 }
-- 
cgit v1.2.3