From 869875b48b4455937fdddb7c98fbff7699c1effb Mon Sep 17 00:00:00 2001
From: Russ Cox
Date: Fri, 4 Jul 2008 03:41:19 -0400
Subject: 9pfuse: better handling of SETXATTR (sqweek)
---
 src/cmd/9pfuse/fuse.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'src/cmd/9pfuse')
diff --git a/src/cmd/9pfuse/fuse.c b/src/cmd/9pfuse/fuse.c
index e78bae88..5057bde1 100644
--- a/src/cmd/9pfuse/fuse.c
+++ b/src/cmd/9pfuse/fuse.c
@@ -45,7 +45,7 @@ FuseMsg*
 readfusemsg(void)
 {
 FuseMsg *m;
- int n;
+ int n, nn;
 
 m = allocfusemsg();
 errno = 0;
@@ -173,10 +173,13 @@ readfusemsg(void)
 goto bad;
 break;
 case FUSE_SETXATTR:
- /* struct and two strings */
- if(m->hdr->len <= sizeof(struct fuse_setxattr_in)
- || ((char*)m->tx)[m->hdr->len-1] != 0
- || memchr((uchar*)m->tx+sizeof(struct fuse_setxattr_in), 0, m->hdr->len-sizeof(struct fuse_setxattr_in)-1) == 0)
+ /* struct, one string, and one binary blob */
+ if(m->hdr->len <= sizeof(struct fuse_setxattr_in))
+ goto bad;
+ nn = ((struct fuse_setxattr_in*)m->tx)->size;
+ if(m->hdr->len < sizeof(struct fuse_setxattr_in)+nn+1)
+ goto bad;
+ if(((char*)m->tx)[m->hdr->len-nn-1] != 0)
 goto bad;
 break;
 case FUSE_GETXATTR:
-- 
cgit v1.2.3
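Review bot: In the FUSE_SETXATTR case, `nn` is a signed `int` loaded from the message's `size` field, and the bound `m->hdr->len < sizeof(struct fuse_setxattr_in)+nn+1` is computed by addition, so a `size` near the top of its range can make `nn` negative or wrap the sum and still pass the check. The index `m->hdr->len-nn-1` on the next test would then fall outside the received message, and the NUL comparison reads a byte out of bounds. Assuming `size` and `len` are unsigned 32-bit fields as in the FUSE kernel header (their declarations are not visible here), declare `nn` unsigned in the first hunk (`uint nn;`) and compare by subtraction, which cannot wrap once the preceding `len <= sizeof` test has passed: `if(nn >= m->hdr->len - sizeof(struct fuse_setxattr_in)) goto bad;`. readfusemsg's body starts and ends outside both hunks, so how `m->tx` and `m->hdr->len` are set up before this switch should be confirmed against the full function.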