From 1e49d03dbc31747dc11b09d1afc479cb41e4b3ee Mon Sep 17 00:00:00 2001
From: TerryE <terry@ellisons.org.uk>
Date: Fri, 4 Mar 2016 01:46:35 +0000
Subject: [PATCH] Limit file.open() names to 31 char max C string format. See
 #1112

---
 app/modules/file.c           | 2 +-
 app/spiffs/spiffs_hydrogen.c | 3 ++-
 app/spiffs/spiffs_nucleus.c  | 6 +++---
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/app/modules/file.c b/app/modules/file.c
index f5d82d8b..525d9abe 100644
--- a/app/modules/file.c
+++ b/app/modules/file.c
@@ -20,7 +20,7 @@ static int file_open( lua_State* L )
   }
 
   const char *fname = luaL_checklstring( L, 1, &len );
-  luaL_argcheck(L, len <= FS_NAME_MAX_LENGTH, 1, "filename too long");
+  luaL_argcheck(L, len < FS_NAME_MAX_LENGTH && c_strlen(fname) == len, 1, "filename invalid");
 
   const char *mode = luaL_optstring(L, 2, "r");
 
diff --git a/app/spiffs/spiffs_hydrogen.c b/app/spiffs/spiffs_hydrogen.c
index 34b5861b..49d189bf 100644
--- a/app/spiffs/spiffs_hydrogen.c
+++ b/app/spiffs/spiffs_hydrogen.c
@@ -764,7 +764,8 @@ static s32_t spiffs_read_dir_v(
           (SPIFFS_PH_FLAG_DELET | SPIFFS_PH_FLAG_IXDELE)) {
     struct spiffs_dirent *e = (struct spiffs_dirent *)user_p;
     e->obj_id = obj_id;
-    strcpy((char *)e->name, (char *)objix_hdr.name);
+    strncpy((char *)e->name, (char *)objix_hdr.name, SPIFFS_OBJ_NAME_LEN);
+
     e->type = objix_hdr.type;
     e->size = objix_hdr.size == SPIFFS_UNDEFINED_LEN ? 0 : objix_hdr.size;
     e->pix = pix;
diff --git a/app/spiffs/spiffs_nucleus.c b/app/spiffs/spiffs_nucleus.c
index 8e81520d..eacca177 100644
--- a/app/spiffs/spiffs_nucleus.c
+++ b/app/spiffs/spiffs_nucleus.c
@@ -1349,7 +1349,7 @@ static s32_t spiffs_object_find_object_index_header_by_name_v(
   if (objix_hdr.p_hdr.span_ix == 0 &&
       (objix_hdr.p_hdr.flags & (SPIFFS_PH_FLAG_DELET | SPIFFS_PH_FLAG_FINAL | SPIFFS_PH_FLAG_IXDELE)) ==
           (SPIFFS_PH_FLAG_DELET | SPIFFS_PH_FLAG_IXDELE)) {
-    if (strcmp((char *)user_p, (char *)objix_hdr.name) == 0) {
+    if (strncmp((char *)user_p, (char *)objix_hdr.name, SPIFFS_OBJ_NAME_LEN) == 0) {
       return SPIFFS_OK;
     }
   }
@@ -1715,7 +1715,7 @@ static s32_t spiffs_obj_lu_find_free_obj_id_bitmap_v(spiffs *fs, spiffs_obj_id i
       if (objix_hdr.p_hdr.span_ix == 0 &&
           (objix_hdr.p_hdr.flags & (SPIFFS_PH_FLAG_DELET | SPIFFS_PH_FLAG_FINAL | SPIFFS_PH_FLAG_IXDELE)) ==
               (SPIFFS_PH_FLAG_DELET | SPIFFS_PH_FLAG_IXDELE)) {
-        if (strcmp((char *)user_p, (char *)objix_hdr.name) == 0) {
+        if (strncmp((char *)user_p, (char *)objix_hdr.name, SPIFFS_OBJ_NAME_LEN) == 0) {
           return SPIFFS_ERR_CONFLICTING_NAME;
         }
       }
@@ -1745,7 +1745,7 @@ static s32_t spiffs_obj_lu_find_free_obj_id_compact_v(spiffs *fs, spiffs_obj_id
         ((objix_hdr.p_hdr.flags & (SPIFFS_PH_FLAG_INDEX | SPIFFS_PH_FLAG_FINAL | SPIFFS_PH_FLAG_DELET)) ==
             (SPIFFS_PH_FLAG_DELET))) {
       // ok object look up entry
-      if (state->conflicting_name && strcmp((const char *)state->conflicting_name, (char *)objix_hdr.name) == 0) {
+      if (state->conflicting_name && strncmp((const char *)state->conflicting_name, (char *)objix_hdr.name, SPIFFS_OBJ_NAME_LEN) == 0) {
         return SPIFFS_ERR_CONFLICTING_NAME;
       }