From: Urban Wallasch <urban.wallasch@freenet.de>
Date: Sat, 6 Jun 2020 10:34:44 +0000 (+0200)
Subject: * Check for truncation of output path.
X-Git-Url: https://git.packet-gain.de/?a=commitdiff_plain;h=cbb162bfad10ddce82a40061ee55008ffa127373;p=riffx.git

* Check for truncation of output path.
---

diff --git a/riffx.c b/riffx.c
index a82c948..d71ae66 100644
--- a/riffx.c
+++ b/riffx.c
@@ -342,7 +342,7 @@ int main(int argc, char *argv[]) {
 
     /* Loop over remaining arguments as input files: */
     for (total = 0, i = argidx; i < argc; i++) {
-        int fd, cnt;
+        int fd, cnt, n;
         char fpfx[PATH_MAX], tfn[PATH_MAX], *x;
 
         fd = -1;
@@ -364,12 +364,17 @@ int main(int argc, char *argv[]) {
         if (cfg.use_basename) {
             x = strrchr(tfn, '/');
             x = x ? x : tfn;
-            snprintf(fpfx, sizeof fpfx, "%s/%03d_%s_", odir, i - argidx, x);
+            n = snprintf(fpfx, sizeof fpfx, "%s/%03d_%s_", odir, i - argidx, x);
         }
         else {
-            snprintf(fpfx, sizeof fpfx, "%s/%s/", odir, tfn);
-            mkdirp(fpfx, 0755);
+            n = snprintf(fpfx, sizeof fpfx, "%s/%s/", odir, tfn);
         }
+	if ( (size_t)n >= sizeof fpfx ) {
+	    LOG("output directory path truncated: '%s'\n", fpfx);
+	    exit(EXIT_FAILURE);
+	}
+        if (!cfg.use_basename)
+            mkdirp(fpfx, 0755);
         LOG("Dumping to %s...\n", fpfx);
         cnt = extract(fd, fpfx);
         close(fd);