Mercurial > gftp.yaz
diff lib/fsplib/fsplib.c @ 760:62222927016c
2006-6-23 Brian Masney <masneyb@gftp.org>
* lib/fsplib/fsplib.c (fsp_readdir_native) - fixed possible heap
overflow on operating systems that have MAXNAMLEN > 256
(from Joerg Sonnenberger <joerg@netbsd.org>)
author | masneyb |
---|---|
date | Fri, 23 Jun 2006 20:09:28 +0000 |
parents | ba82724da370 |
children | 26fb4e66736c |
line wrap: on
line diff
--- a/lib/fsplib/fsplib.c Fri Jun 23 01:41:23 2006 +0000 +++ b/lib/fsplib/fsplib.c Fri Jun 23 20:09:28 2006 +0000 @@ -706,25 +706,25 @@ dir->dirpos += 9; /* read file name */ entry->name[255] = '\0'; - strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN); namelen = strlen( (char *) dir->data+dir->dirpos); + if (namelen >= sizeof(entry->name) - 1) { + /* skip over file name */ + dir->dirpos += namelen +1; + /* pad to 4 byte boundary */ + entry->reclen += (4 - dir->dirpos) & 3; + dir->dirpos += (4 - dir->dirpos) & 3; + continue; + } + strncpy(entry->name,(char *)( dir->data + dir->dirpos ), sizeof(entry->name)); /* skip over file name */ dir->dirpos += namelen +1; /* set entry namelen field */ - if (namelen > 255) - entry->namlen = 255; - else - entry->namlen = namelen; + entry->namlen = namelen; /* set record length */ entry->reclen = 10+namelen; - /* pad to 4 byte boundary */ - while( dir->dirpos & 0x3 ) - { - dir->dirpos++; - entry->reclen++; - } + dir->dirpos += (4 - dir->dirpos) & 3; /* and return it */ *result=entry;