From db3e93788908eb846131023f8db62286812b9792 Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@gnu.org>
Date: Fri, 10 Aug 2001 04:42:07 +0000
Subject: 2001-08-09  Roland McGrath  <roland@frob.com>

	* inode.c (diskfs_get_translator): Fail with EFTYPE if the length
	field stored on disk is unreasonable.  Don't crash on ENOMEM.
	Use memcpy instead of bcopy.
---
 ext2fs/inode.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'ext2fs/inode.c')

diff --git a/ext2fs/inode.c b/ext2fs/inode.c
index 0485b71e..a3483c00 100644
--- a/ext2fs/inode.c
+++ b/ext2fs/inode.c
@@ -712,7 +712,7 @@ diskfs_get_translator (struct node *np, char **namep, unsigned *namelen)
   error_t err = 0;
   daddr_t blkno;
   unsigned datalen;
-  void *transloc;
+  const void *transloc;
 
   assert (sblock->s_creator_os == EXT2_OS_HURD);
 
@@ -726,10 +726,16 @@ diskfs_get_translator (struct node *np, char **namep, unsigned *namelen)
 
   datalen =
     ((unsigned char *)transloc)[0] + (((unsigned char *)transloc)[1] << 8);
-  *namep = malloc (datalen);
-  if (!*namep)
-    err = ENOMEM;
-  bcopy (transloc + 2, *namep, datalen);
+  if (datalen > block_size)
+    err = EFTYPE;		/* ? */
+  else
+    {
+      *namep = malloc (datalen);
+      if (!*namep)
+	err = ENOMEM;
+      else
+	memcpy (*namep, transloc + 2, datalen);
+    }
 
   diskfs_end_catch_exception ();
 
-- 
cgit v1.2.3