From f2ff42e80acb2499c45e6bae48e848ad46946c8d Mon Sep 17 00:00:00 2001 From: Christopher Haster Date: Mon, 13 Feb 2017 15:08:37 -0600 Subject: [PATCH] Filesystem: Fixed buffer overflow in FATFileSystem::open Picked up by 'FSFAT_FOPEN_TEST_16: write/check n x 25kB data files.' --- features/filesystem/fat/FATFileSystem.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/features/filesystem/fat/FATFileSystem.cpp b/features/filesystem/fat/FATFileSystem.cpp index 631cbff6172..1adc5453476 100644 --- a/features/filesystem/fat/FATFileSystem.cpp +++ b/features/filesystem/fat/FATFileSystem.cpp @@ -199,8 +199,8 @@ int FATFileSystem::format(BlockDevice *bd, int allocation_unit) { FileHandle *FATFileSystem::open(const char* name, int flags) { lock(); debug_if(FFS_DBG, "open(%s) on filesystem [%s], drv [%s]\n", name, getName(), _fsid); - char n[64]; - sprintf(n, "%s:/%s", _fsid, name); + char *buffer = new char[strlen(_fsid) + strlen(name) + 3]; + sprintf(buffer, "%s:/%s", _fsid, name); /* POSIX flags -> FatFS open mode */ BYTE openmode; @@ -220,8 +220,10 @@ FileHandle *FATFileSystem::open(const char* name, int flags) { } FIL fh; - FRESULT res = f_open(&fh, n, openmode); + FRESULT res = f_open(&fh, buffer, openmode); fat_filesystem_set_errno(res); + delete[] buffer; + if (res) { debug_if(FFS_DBG, "f_open('w') failed: %d\n", res); unlock();