AppleDouble buffer overrun by extremely long filename

author HAT <hat@fa2.so-net.ne.jp>

Sat, 22 Jan 2011 12:13:27 +0000 (21:13 +0900)

committer HAT <hat@fa2.so-net.ne.jp>

Sat, 22 Jan 2011 12:13:27 +0000 (21:13 +0900)
author HAT <hat@fa2.so-net.ne.jp>
Sat, 22 Jan 2011 12:13:27 +0000 (21:13 +0900)
committer HAT <hat@fa2.so-net.ne.jp>
Sat, 22 Jan 2011 12:13:27 +0000 (21:13 +0900)
diff --git a/NEWS b/NEWS

index daed57ab0274f0bf9a5b5e09e7d619941ad6a965..a03e5dca48e295de1b72bb720aef380f130eca38 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ Changes in 2.1.6
  * FIX: gentoo: cannot set $CNID_CONFIG
  * FIX: ubuntu: servername was empty
  * FIX: Solaris: configure script failed to enable DDP module
+* FIX: AppleDouble buffer overrun by extremely long filename
  * UPD: afpd: return version info with machine type in DSIGetStatus
  
  Changes in 2.1.5
diff --git a/libatalk/adouble/ad_attr.c b/libatalk/adouble/ad_attr.c

index 8b3a32041325a5d405cc114fc1208eba38aa5456..123560b5683b3e4af2729ce02631f238c48ffe4a 100644 (file)
--- a/libatalk/adouble/ad_attr.c
+++ b/libatalk/adouble/ad_attr.c
@@ -190,9 +190,12 @@ u_int32_t ad_forcegetid (struct adouble *adp)
   */
  int ad_setname(struct adouble *ad, const char *path)
  {
+    int len;
+    if ((len = strlen(path)) > ADEDLEN_NAME)
+        len = ADEDLEN_NAME;
      if (path && ad_getentryoff(ad, ADEID_NAME)) {
-        ad_setentrylen( ad, ADEID_NAME, strlen( path ));
-        memcpy(ad_entry( ad, ADEID_NAME ), path, ad_getentrylen( ad, ADEID_NAME ));
+        ad_setentrylen( ad, ADEID_NAME, len);
+        memcpy(ad_entry( ad, ADEID_NAME ), path, len);
          return 1;
      }
      return 0;
author	HAT <hat@fa2.so-net.ne.jp>
	Sat, 22 Jan 2011 12:13:27 +0000 (21:13 +0900)
committer	HAT <hat@fa2.so-net.ne.jp>
	Sat, 22 Jan 2011 12:13:27 +0000 (21:13 +0900)
NEWS		patch \| blob \| history
libatalk/adouble/ad_attr.c		patch \| blob \| history