From db3e93788908eb846131023f8db62286812b9792 Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@gnu.org>
Date: Fri, 10 Aug 2001 04:42:07 +0000
Subject: 2001-08-09  Roland McGrath  <roland@frob.com>

	* inode.c (diskfs_get_translator): Fail with EFTYPE if the length
	field stored on disk is unreasonable.  Don't crash on ENOMEM.
	Use memcpy instead of bcopy.
---
 ufs/inode.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'ufs/inode.c')

diff --git a/ufs/inode.c b/ufs/inode.c
index 2647754c..28f18dbd 100644
--- a/ufs/inode.c
+++ b/ufs/inode.c
@@ -602,7 +602,7 @@ diskfs_get_translator (struct node *np, char **namep, u_int *namelen)
   error_t err;
   daddr_t blkno;
   u_int datalen;
-  void *transloc;
+  const void *transloc;
 
   err = diskfs_catch_exception ();
   if (err)
@@ -613,8 +613,15 @@ diskfs_get_translator (struct node *np, char **namep, u_int *namelen)
   transloc = disk_image + fsaddr (sblock, blkno);
 
   datalen = *(u_int *)transloc;
-  *namep = malloc (datalen);
-  bcopy (transloc + sizeof (u_int), *namep, datalen);
+  if (datalen > sblock->fs_bsize)
+    err = EFTYPE;
+  else
+    {
+      *namep = malloc (datalen);
+      if (*namep == NULL)
+	err = ENOMEM;
+      memcpy (*namep, transloc + sizeof (u_int), datalen);
+    }
 
   diskfs_end_catch_exception ();
 
-- 
cgit v1.2.3