Module Name: src
Committed By: dholland
Date: Sun Sep 20 04:50:58 UTC 2015
Modified Files:
src/sys/ufs/lfs: lfs_accessors.h
Log Message:
Fix glaringly stupid overflow/sizing bug in -r1.25. The part I don't
get is how it passed testing...
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/sys/ufs/lfs/lfs_accessors.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/ufs/lfs/lfs_accessors.h
diff -u src/sys/ufs/lfs/lfs_accessors.h:1.27 src/sys/ufs/lfs/lfs_accessors.h:1.28
--- src/sys/ufs/lfs/lfs_accessors.h:1.27 Tue Sep 15 15:02:25 2015
+++ src/sys/ufs/lfs/lfs_accessors.h Sun Sep 20 04:50:58 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: lfs_accessors.h,v 1.27 2015/09/15 15:02:25 dholland Exp $ */
+/* $NetBSD: lfs_accessors.h,v 1.28 2015/09/20 04:50:58 dholland Exp $ */
/* from NetBSD: lfs.h,v 1.165 2015/07/24 06:59:32 dholland Exp */
/* from NetBSD: dinode.h,v 1.22 2013/01/22 09:39:18 dholland Exp */
@@ -317,11 +317,16 @@ static __unused inline void
lfs_copydirname(STRUCT_LFS *fs, char *dest, const char *src,
unsigned namlen, unsigned reclen)
{
+ unsigned spacelen;
+
+ KASSERT(reclen > sizeof(struct lfs_dirheader));
+ spacelen = reclen - sizeof(struct lfs_dirheader);
+
/* must always be at least 1 byte as a null terminator */
- KASSERT(reclen > namlen);
+ KASSERT(spacelen > namlen);
memcpy(dest, src, namlen);
- memset(dest + namlen, '\0', reclen - namlen);
+ memset(dest + namlen, '\0', spacelen - namlen);
}
/*
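Review bot: The two KASSERTs in lfs_copydirname are the only guard on the unsigned subtractions that feed memset, and KASSERT is compiled in only for DIAGNOSTIC kernels. Without it, a reclen not larger than `sizeof(struct lfs_dirheader)`, or a namlen not smaller than spacelen, makes `spacelen - namlen` wrap, so the memset length becomes enormous and the write runs far past dest. Whether callers already validate namlen and reclen taken from on-disk directory entries is not visible in this hunk; if they do not, that validation should be a real error path in the caller rather than an assertion here. The contract should also be stated above the function, e.g. `/* reclen is the whole record length including struct lfs_dirheader; exactly reclen - sizeof(struct lfs_dirheader) bytes are written to dest */`.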