debugfs: fix sprintf stack overflow

The htree dump code overflows a char buffer if the directory has a long
filename because the buffer is not large enough to hold the characters that are
not part of the filename.  Make the buffer larger and use snprintf instead.

Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/debugfs/htree.c b/debugfs/htree.c
index 06e7737..05745eb 100644 (file)
--- a/debugfs/htree.c
+++ b/debugfs/htree.c
@@ -39,7 +39,7 @@ static void htree_dump_leaf_node(ext2_filsys fs, ext2_ino_t ino,
        int             thislen, col = 0;
        unsigned int    offset = 0;
        char            name[EXT2_NAME_LEN + 1];
-       char            tmp[EXT2_NAME_LEN + 16];
+       char            tmp[EXT2_NAME_LEN + 64];
        blk64_t         pblk;
        ext2_dirhash_t  hash, minor_hash;
        unsigned int    rec_len;
@@ -91,8 +91,8 @@ static void htree_dump_leaf_node(ext2_filsys fs, ext2_ino_t ino,
                if (errcode)
                        com_err("htree_dump_leaf_node", errcode,
                                "while calculating hash");
-               sprintf(tmp, "%u 0x%08x-%08x (%d) %s   ", dirent->inode,
-                       hash, minor_hash, rec_len, name);
+               snprintf(tmp, EXT2_NAME_LEN + 64, "%u 0x%08x-%08x (%d) %s   ",
+                       dirent->inode, hash, minor_hash, rec_len, name);
                thislen = strlen(tmp);
                if (col + thislen > 80) {
                        fprintf(pager, "\n");