From 82ff036e8081d62a963d8f533389bf308b4f56ac Mon Sep 17 00:00:00 2001
From: HAT
Date: Sat, 22 Jan 2011 21:13:27 +0900
Subject: [PATCH] AppleDouble buffer overrun by extremely long filename
---
 NEWS | 1 +
 libatalk/adouble/ad_attr.c | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index daed57ab..a03e5dca 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ Changes in 2.1.6
 * FIX: gentoo: cannot set $CNID_CONFIG
 * FIX: ubuntu: servername was empty
 * FIX: Solaris: configure script failed to enable DDP module
+* FIX: AppleDouble buffer overrun by extremely long filename
 * UPD: afpd: return version info with machine type in DSIGetStatus
 
 Changes in 2.1.5
diff --git a/libatalk/adouble/ad_attr.c b/libatalk/adouble/ad_attr.c
index 8b3a3204..123560b5 100644
--- a/libatalk/adouble/ad_attr.c
+++ b/libatalk/adouble/ad_attr.c
@@ -190,9 +190,12 @@ u_int32_t ad_forcegetid (struct adouble *adp)
 */
 int ad_setname(struct adouble *ad, const char *path)
 {
+ int len;
+ if ((len = strlen(path)) > ADEDLEN_NAME)
+ len = ADEDLEN_NAME;
 if (path && ad_getentryoff(ad, ADEID_NAME)) {
- ad_setentrylen( ad, ADEID_NAME, strlen( path ));
- memcpy(ad_entry( ad, ADEID_NAME ), path, ad_getentrylen( ad, ADEID_NAME ));
+ ad_setentrylen( ad, ADEID_NAME, len);
+ memcpy(ad_entry( ad, ADEID_NAME ), path, len);
 return 1;
 }
 return 0;
-- 
2.39.2
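Review bot: The added `strlen(path)` at the top of `ad_setname` runs before the `path &&` test on the following line, so a NULL `path` is now dereferenced where the old code fell through to `return 0`. Compute the length inside the guarded block instead, and keep it unsigned so the bound check does not depend on narrowing `size_t` to `int`: `size_t len = strlen(path);` followed by `if (len > ADEDLEN_NAME) len = ADEDLEN_NAME;`. The clamp also truncates the stored name silently, so a short comment such as `/* names longer than ADEDLEN_NAME are truncated to fit the entry */` would tell callers that the AppleDouble name may differ from `path`. The function's closing brace lies outside the hunk.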