Aren/haiku
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Changed the way fix_dirent() copies the entry: it will now copy the complete

Browse Source 
dirent without the name first, and will then check if the d_reclen member
  is valid before copying the name.
* This shows the problem with the FAT file system that was revealed by r26859.


git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@27128 a95241bf-73f2-0310-859d-f6bbb57e9c96
This commit is contained in:
Axel Dörfler 2008-08-22 08:02:38 +00:00
parent 521a945c90
commit 2fd4fdcf3b
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/system/kernel/fs/vfs.cpp
View File

@ -5156,12 +5156,15 @@ fix_dirent(struct vnode *parent, struct dirent *userEntry,
struct dirent* entry;
if (IS_USER_ADDRESS(userEntry)) {
unsigned short length;
entry = (struct dirent*)buffer;
if (user_memcpy(&length, &userEntry->d_reclen, sizeof(length)) != B_OK
|| user_memcpy(entry, userEntry, length) != B_OK)
if (user_memcpy(entry, userEntry, sizeof(struct dirent) - 1) != B_OK)
return B_BAD_ADDRESS;
ASSERT(entry->d_reclen >= sizeof(struct dirent));
if (user_memcpy(entry->d_name, userEntry->d_name,
entry->d_reclen - sizeof(struct dirent)) != B_OK)
return B_BAD_ADDRESS;
} else
entry = userEntry;