changeset 760:62222927016c

2006-6-23 Brian Masney <masneyb@gftp.org> * lib/fsplib/fsplib.c (fsp_readdir_native) - fixed possible heap overflow on operating systems that have MAXNAMLEN > 256 (from Joerg Sonnenberger <joerg@netbsd.org>)
author masneyb
date Fri, 23 Jun 2006 20:09:28 +0000
parents 312dee613441
children 700130901093
files ChangeLog lib/fsplib/fsplib.c
diffstat 2 files changed, 17 insertions(+), 12 deletions(-) [+]
--- a/ChangeLog	Fri Jun 23 01:41:23 2006 +0000
+++ b/ChangeLog	Fri Jun 23 20:09:28 2006 +0000
@@ -1,3 +1,8 @@
+2006-6-23 Brian Masney <masneyb@gftp.org>
+	* lib/fsplib/fsplib.c (fsp_readdir_native) - fixed possible heap
+	overflow on operating systems that have MAXNAMLEN > 256
+	(from Joerg Sonnenberger <joerg@netbsd.org>)
+
 2006-6-22 Brian Masney <masneyb@gftp.org>
 	* gftp.spec.in - updated the install path for the desktop file
 	(closes #171711)
@@ -3390,7 +3395,7 @@
 
 	* cvsclean - added this script
 
-	* *.[ch] - added $Id: ChangeLog,v 1.435 2006/06/23 01:41:23 masneyb Exp $ tags
+	* *.[ch] - added $Id: ChangeLog,v 1.436 2006/06/23 20:09:24 masneyb Exp $ tags
 
 	* debian/* - updated files from Debian maintainer
 
--- a/lib/fsplib/fsplib.c	Fri Jun 23 01:41:23 2006 +0000
+++ b/lib/fsplib/fsplib.c	Fri Jun 23 20:09:28 2006 +0000
@@ -706,25 +706,25 @@
        dir->dirpos += 9;
        /* read file name */
        entry->name[255] = '\0';
-       strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
        namelen = strlen( (char *) dir->data+dir->dirpos);
+       if (namelen >= sizeof(entry->name) - 1) {
+           /* skip over file name */
+            dir->dirpos += namelen +1;
+            /* pad to 4 byte boundary */
+            entry->reclen += (4 - dir->dirpos) & 3;
+            dir->dirpos += (4 - dir->dirpos) & 3;
+           continue;
+       }
+       strncpy(entry->name,(char *)( dir->data + dir->dirpos ), sizeof(entry->name));
        /* skip over file name */
        dir->dirpos += namelen +1;
 
        /* set entry namelen field */
-       if (namelen > 255)
-           entry->namlen = 255;
-       else
-           entry->namlen = namelen;
+       entry->namlen = namelen;
        /* set record length */	   
        entry->reclen = 10+namelen;
 
-       /* pad to 4 byte boundary */
-       while( dir->dirpos & 0x3 )
-       {
-         dir->dirpos++;
-         entry->reclen++;
-       }
+       dir->dirpos += (4 - dir->dirpos) & 3;
 
        /* and return it */
        *result=entry;
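Review bot: The skip branch and the normal path now disagree about `entry->reclen`: inside the new `if`, `entry->reclen += (4 - dir->dirpos) & 3;` adjusts a value this iteration has not assigned yet and that `continue` then discards, while the normal path sets `entry->reclen = 10+namelen` and no longer adds the alignment padding that the removed `while` loop counted. If callers rely on the record length covering the padding, put `entry->reclen += (4 - dir->dirpos) & 3;` immediately before the final `dir->dirpos += (4 - dir->dirpos) & 3;` and drop it from the skip branch. Separately, `strlen()` still runs over `dir->data + dir->dirpos` with no bound visible in this hunk, so a server-supplied listing that is not NUL-terminated inside the buffer could be read past its end; a length-limited search over the bytes remaining in `dir->data` would close that, unless a check outside the hunk already guarantees termination. The enclosing loop of fsp_readdir_native starts and ends outside the hunk.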