# HG changeset patch
# User masneyb
# Date 1151093368 0
# Node ID 62222927016ca0f6dd043454cb0efe56b89934ab
# Parent  312dee61344122f060203d8f97051330deaad4ec
2006-6-23 Brian Masney <masneyb@gftp.org>

        * lib/fsplib/fsplib.c (fsp_readdir_native) - fixed possible heap
        overflow on operating systems that have MAXNAMLEN > 256
        (from Joerg Sonnenberger <joerg@netbsd.org>)

diff -r 312dee613441 -r 62222927016c ChangeLog
--- a/ChangeLog	Fri Jun 23 01:41:23 2006 +0000
+++ b/ChangeLog	Fri Jun 23 20:09:28 2006 +0000
@@ -1,3 +1,8 @@
+2006-6-23 Brian Masney <masneyb@gftp.org>
+	* lib/fsplib/fsplib.c (fsp_readdir_native) - fixed possible heap
+	overflow on operating systems that have MAXNAMLEN > 256
+	(from Joerg Sonnenberger <joerg@netbsd.org>)
+
 2006-6-22 Brian Masney <masneyb@gftp.org>
 	* gftp.spec.in - updated the install path for the desktop file
 	(closes #171711)
@@ -3390,7 +3395,7 @@
 
 	* cvsclean - added this script
 
-	* *.[ch] - added $Id: ChangeLog,v 1.435 2006/06/23 01:41:23 masneyb Exp $ tags
+	* *.[ch] - added $Id: ChangeLog,v 1.436 2006/06/23 20:09:24 masneyb Exp $ tags
 
 	* debian/* - updated files from Debian maintainer
 
diff -r 312dee613441 -r 62222927016c lib/fsplib/fsplib.c
--- a/lib/fsplib/fsplib.c	Fri Jun 23 01:41:23 2006 +0000
+++ b/lib/fsplib/fsplib.c	Fri Jun 23 20:09:28 2006 +0000
@@ -706,25 +706,25 @@
        dir->dirpos += 9;
        /* read file name */
        entry->name[255] = '\0';
-       strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
        namelen = strlen( (char *) dir->data+dir->dirpos);
+       if (namelen >= sizeof(entry->name) - 1) {
+           /* skip over file name */
+            dir->dirpos += namelen +1;
+            /* pad to 4 byte boundary */
+            entry->reclen += (4 - dir->dirpos) & 3;
+            dir->dirpos += (4 - dir->dirpos) & 3;
+           continue;
+       }
+       strncpy(entry->name,(char *)( dir->data + dir->dirpos ), sizeof(entry->name));
        /* skip over file name */
        dir->dirpos += namelen +1;
 
        /* set entry namelen field */
-       if (namelen > 255)
-           entry->namlen = 255;
-       else
-           entry->namlen = namelen;
+       entry->namlen = namelen;
        /* set record length */	   
        entry->reclen = 10+namelen;
 
-       /* pad to 4 byte boundary */
-       while( dir->dirpos & 0x3 )
-       {
-         dir->dirpos++;
-         entry->reclen++;
-       }
+       dir->dirpos += (4 - dir->dirpos) & 3;
 
        /* and return it */
        *result=entry;