From 8b021bb956c3c890255d611f3780d3be7638a63a Mon Sep 17 00:00:00 2001
From: Patrick Wildt
Date: Mon, 26 Nov 2018 15:58:13 +0100
Subject: fs: fix FAT name extraction

The long name apparently can be accumulated using multiple
13-byte slots.  Unfortunately we never checked how many we
can actually fit in the buffer we are reading to.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
---
 fs/fat/fat.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/fat/fat.c b/fs/fat/fat.c
index e0c076763f5..ac8913e7192 100644
--- a/fs/fat/fat.c
+++ b/fs/fat/fat.c
@@ -821,6 +821,9 @@ static dir_entry *extract_vfat_name(fat_itr *itr)
 
 		slot2str((dir_slot *)dent, buf, &idx);
 
+		if (n + idx >= sizeof(itr->l_name))
+			return NULL;
+
 		/* shift accumulated long-name up and copy new part in: */
 		memmove(itr->l_name + idx, itr->l_name, n);
 		memcpy(itr->l_name, buf, idx);
-- 
cgit v1.2.3