author | Jan Engelhardt <jengelh@inai.de> | 2012-07-03 03:28:50 +0200 |
---|---|---|
committer | Jan Engelhardt <jengelh@inai.de> | 2012-07-03 03:35:17 +0200 |
commit | 6feab338aed1ad390ba4b0042f0490c7e317c7e3 (patch) | |
tree | 94c4c8329e8b4e6cabd0df47b4bb3c7d1db5293a | |
parent | cb9540a5b8dcc6640e39fe9cc948d385bfa82664 (diff) | |
download | bindfs-6feab338aed1ad390ba4b0042f0490c7e317c7e3.tar.gz |
bindfs: avoid crash due to too-short allocation
pathconf() can return negative values to indicate an error. Using the
result of pathconf naïvely in arithmetic is therefore inappropriate.
-rw-r--r-- | src/bindfs.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/bindfs.c b/src/bindfs.c
index ded13be..48b732c 100644
--- a/src/bindfs.c
+++ b/src/bindfs.c
@@ -54,6 +54,7 @@
 #include <assert.h>
 #include <pwd.h>
 #include <grp.h>
+#include <limits.h>
 #ifdef HAVE_SETXATTR
 #include <sys/xattr.h>
 #endif
@@ -399,9 +400,13 @@ static int bindfs_readdir(const char *path, void *buf, fuse_fill_dir_t filler,
 struct dirent *de;
 struct stat st;
 int result = 0;
-
- de_buf = malloc(offsetof(struct dirent, d_name) + pathconf(path, _PC_NAME_MAX) + 1);
-
+ long pc_ret;
+
+ pc_ret = pathconf(path, _PC_NAME_MAX);
+ if (pc_ret < 0)
+ pc_ret = NAME_MAX; /* or scream and abort()? */
+ de_buf = malloc(offsetof(struct dirent, d_name) + pc_ret + 1);
+
 seekdir(dp, offset);
 while (1) {
 result = readdir_r(dp, de_buf, &de); |
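Review bot: The pointer returned by `malloc` in the second hunk is passed to `readdir_r(dp, de_buf, &de)` a few lines later with no NULL check in between, so an allocation failure becomes a write through a null pointer; a guard such as `if (de_buf == NULL) return -ENOMEM;` directly after the allocation would close that, keeping whatever release of `dp` the function performs outside this hunk. The `NAME_MAX` fallback also deserves a more precise comment than the current one: pathconf() returns -1 both on error and when the filesystem reports no limit, and if the underlying filesystem permits names longer than `NAME_MAX` the buffer is still too short for `readdir_r`, which takes no length argument. Querying the limit with `fpathconf(dirfd(dp), _PC_NAME_MAX)` would tie the value to the stream actually being read, assuming `dp` was opened on the same directory as `path`. bindfs_readdir begins before and continues past the hunk, so the error-path cleanup could not be checked here.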