From: David van Moolenbroek
Date: Fri, 30 Nov 2012 12:22:36 +0000 (+0000)
Subject: VFS: fix off-by-one in get_name()
X-Git-Tag: v3.2.1~178
X-Git-Url: http://zhaoyanbai.com/repos/%22http:/www.isc.org/icons/expt.png?a=commitdiff_plain;h=766047123a410cd22e5380de1a2ef304ae18f60f;p=minix.git
VFS: fix off-by-one in get_name()
---
diff --git a/servers/vfs/path.c b/servers/vfs/path.c
index 4b5de554d..ba1d81089 100644
--- a/servers/vfs/path.c
+++ b/servers/vfs/path.c
@@ -620,7 +620,7 @@ char ename[NAME_MAX + 1];
 cur = (struct dirent *) (buf + consumed);
 name_len = cur->d_reclen - offsetof(struct dirent, d_name) - 1;
- if(cur->d_name + name_len+1 >= &buf[DIR_ENTRIES*DIR_ENTRY_SIZE])
+ if(cur->d_name + name_len+1 > &buf[sizeof(buf)])
 return(EINVAL); /* Rubbish in dir entry */
 if (entry->v_inode_nr == cur->d_ino) { /* found the entry we were looking for */
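Review bot: The corrected check on the `+ if(...)` line still builds the pointer `cur->d_name + name_len+1` before comparing it, and `name_len` comes from `cur->d_reclen`, a value read straight out of the directory buffer. A record length below `offsetof(struct dirent, d_name) + 1` makes `name_len` negative (or very large, if it is unsigned; its declaration is outside the hunk). An oversized one moves the pointer more than one past the end of `buf`, which is undefined behaviour in C, so the comparison is not guaranteed to reach `return(EINVAL)`. Comparing lengths avoids forming the pointer at all, for example `if (cur->d_reclen <= offsetof(struct dirent, d_name) || cur->d_reclen > sizeof(buf) - consumed) return(EINVAL);`, assuming `consumed` never exceeds `sizeof(buf)`. The loop that advances `consumed` and the later use of `cur->d_name` are outside the hunk, so it is worth confirming there that the bound is the number of bytes actually returned rather than the buffer capacity, and that the name is NUL-terminated within `name_len` before it is copied.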