From 4ec2910fb670afabc1296bfc57bfd41ca50f00b1 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 27 Nov 2013 15:09:43 -0800
Subject: [PATCH] Increase buffer size, use bounds checking functions

Increase the size of the user/group buffer from 16 bytes
to 32 bytes. Some OEMs are creating usernames longer than
15 bytes, causing problems.

Use bounds checking functions when handling user/group
data, to avoid overflowing buffers.

Change-Id: I4a5824b819b0c37662ba4f33573af0d0e071b444
---
 toolbox/ls.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/toolbox/ls.c b/toolbox/ls.c
index 532451113..c73695808 100644
--- a/toolbox/ls.c
+++ b/toolbox/ls.c
@@ -75,23 +75,23 @@ static void mode2str(unsigned mode, char *out)
     *out = 0;
 }
 
-static void user2str(unsigned uid, char *out)
+static void user2str(uid_t uid, char *out, size_t out_size)
 {
     struct passwd *pw = getpwuid(uid);
     if(pw) {
-        strcpy(out, pw->pw_name);
+        strlcpy(out, pw->pw_name, out_size);
     } else {
-        sprintf(out, "%d", uid);
+        snprintf(out, out_size, "%d", uid);
     }
 }
 
-static void group2str(unsigned gid, char *out)
+static void group2str(gid_t gid, char *out, size_t out_size)
 {
     struct group *gr = getgrgid(gid);
     if(gr) {
-        strcpy(out, gr->gr_name);
+        strlcpy(out, gr->gr_name, out_size);
     } else {
-        sprintf(out, "%d", gid);
+        snprintf(out, out_size, "%d", gid);
     }
 }
 
@@ -164,8 +164,8 @@ static int listfile_long(const char *path, struct stat *s, int flags)
 {
     char date[32];
     char mode[16];
-    char user[16];
-    char group[16];
+    char user[32];
+    char group[32];
     const char *name;
 
     if(!s || !path) {
@@ -182,11 +182,11 @@ static int listfile_long(const char *path, struct stat *s, int flags)
 
     mode2str(s->st_mode, mode);
     if (flags & LIST_LONG_NUMERIC) {
-        sprintf(user, "%ld", s->st_uid);
-        sprintf(group, "%ld", s->st_gid);
+        snprintf(user, sizeof(user), "%ld", s->st_uid);
+        snprintf(group, sizeof(group), "%ld", s->st_gid);
     } else {
-        user2str(s->st_uid, user);
-        group2str(s->st_gid, group);
+        user2str(s->st_uid, user, sizeof(user));
+        group2str(s->st_gid, group, sizeof(group));
     }
 
     strftime(date, 32, "%Y-%m-%d %H:%M", localtime((const time_t*)&s->st_mtime));
@@ -238,8 +238,8 @@ static int listfile_long(const char *path, struct stat *s, int flags)
 static int listfile_maclabel(const char *path, struct stat *s, int flags)
 {
     char mode[16];
-    char user[16];
-    char group[16];
+    char user[32];
+    char group[32];
     char *maclabel = NULL;
     const char *name;
 
@@ -261,8 +261,8 @@ static int listfile_maclabel(const char *path, struct stat *s, int flags)
     }
 
     mode2str(s->st_mode, mode);
-    user2str(s->st_uid, user);
-    group2str(s->st_gid, group);
+    user2str(s->st_uid, user, sizeof(user));
+    group2str(s->st_gid, group, sizeof(group));
 
     switch(s->st_mode & S_IFMT) {
     case S_IFLNK: {