Improved a length check in parse_merge_name().
authorWayne Davison <wayned@samba.org>
Wed, 26 Mar 2008 21:01:52 +0000 (14:01 -0700)
committerWayne Davison <wayned@samba.org>
Wed, 26 Mar 2008 21:01:52 +0000 (14:01 -0700)
exclude.c

index 9db8f1a..085d264 100644 (file)
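--- a/exclude.c
+++ b/exclude.c
@@ -332,12 +332,13 @@ static char *parse_merge_name(const char *merge_file, unsigned int *len_ptr,
 
        /* If the name isn't in buf yet, it's wasn't absolute. */
        if (fn != buf) {
-               if (dirbuf_len + fn_len >= MAXPATHLEN) {
+               int d_len = dirbuf_len - prefix_skip;
+               if (d_len + fn_len >= MAXPATHLEN) {
                        rprintf(FERROR, "merge-file name overflows: %s\n", fn);
                        return NULL;
                }
-               memcpy(buf, dirbuf + prefix_skip, dirbuf_len - prefix_skip);
-               memcpy(buf + dirbuf_len - prefix_skip, fn, fn_len + 1);
+               memcpy(buf, dirbuf + prefix_skip, d_len);
+               memcpy(buf + d_len, fn, fn_len + 1);
                fn_len = clean_fname(buf, CFN_COLLAPSE_DOT_DOT_DIRS);
        }
 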
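Review bot: The new `int d_len = dirbuf_len - prefix_skip;` is only safe if `prefix_skip <= dirbuf_len`, and nothing in this hunk establishes that. If the subtraction ever goes negative, the `d_len + fn_len >= MAXPATHLEN` test can still pass (a small sum, or a wrapped one if `fn_len` is unsigned), and `memcpy(buf, dirbuf + prefix_skip, d_len)` then converts the value to a very large `size_t` length. I would state the invariant in the guard itself, `if (prefix_skip > dirbuf_len || d_len + fn_len >= MAXPATHLEN) {`, so the overflow error path also covers that case. The declarations of `dirbuf_len`, `prefix_skip` and `fn_len` are outside the hunk, so the signedness concern is inferred and should be confirmed against them; the body of `parse_merge_name()` also starts and ends outside the hunk.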