Fix buffer overflow in tinydir_file_open with long path names

cxong · Dec 2, 2023 · 8124807 · 8124807
1 parent 74acffd
commit 8124807
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+# macOS
+.DS_Store
diff --git a/tests/.gitignore b/tests/.gitignore
@@ -42,6 +42,7 @@ Makefile
 # OS X
 CMakeScripts/
 *.xcodeproj
+build/
 
 # Test files
 *.tmp
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.5)
 
 project(tinydir_tests C)
 

diff --git a/tests/file_open_test.c b/tests/file_open_test.c
@@ -17,6 +17,20 @@ FEATURE(file_open, "File open")
 			SHOULD_INT_EQUAL(r, 0);
 		remove(name);
 	SCENARIO_END
+	SCENARIO("Open file with a very long filename")
+		GIVEN("a file with a long filename in a folder with a long filename")
+			char folder[4096];
+			make_temp_dir("temp_dir_", folder);
+			strcat(folder, "/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
+			mkdir(folder, 0700);
+			strcat(folder, "/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
+			mkdir(folder, 0700);
+		WHEN("we open it")
+			tinydir_file file;
+			int r = tinydir_file_open(&file, folder);
+		THEN("the result should be successful")
+			SHOULD_INT_EQUAL(r, 0);
+	SCENARIO_END
 FEATURE_END
 
 CBEHAVE_RUN("File open:", TEST_FEATURE(file_open))
diff --git a/tests/util.c b/tests/util.c
@@ -27,3 +27,22 @@ void make_temp_file(const char *prefix, char *out)
 	close(mkstemp(out));
 #endif
 }
+
+void make_temp_dir(const char *prefix, char *out)
+{
+#ifdef _MSC_VER
+	if (GetTempFileName(".", prefix, 0, out) != 0)
+	{
+		// Strip the ".\\" prefix
+		if (strncmp(out, ".\\", 2) == 0)
+		{
+			memmove(out, out + 2, strlen(out));
+		}
+		// Create file
+		fclose(fopen(out, "w"));
+	}
+#else
+	sprintf(out, "%sXXXXXX", prefix);
+	mkdtemp(out);
+#endif
+}
diff --git a/tests/util.h b/tests/util.h
@@ -1,3 +1,4 @@
 #pragma once
 
 void make_temp_file(const char *prefix, char *out);
+void make_temp_dir(const char *prefix, char *out);
diff --git a/tinydir.h b/tinydir.h
@@ -643,7 +643,7 @@ int tinydir_file_open(tinydir_file *file, const _tinydir_char_t *path)
 	int result = 0;
 	int found = 0;
 	_tinydir_char_t dir_name_buf[_TINYDIR_PATH_MAX];
-	_tinydir_char_t file_name_buf[_TINYDIR_FILENAME_MAX];
+	_tinydir_char_t file_name_buf[_TINYDIR_PATH_MAX];
 	_tinydir_char_t *dir_name;
 	_tinydir_char_t *base_name;
 #if (defined _MSC_VER || defined __MINGW32__)