From: Wayne Davison <wayned@samba.org>
Date: Wed, 26 Mar 2008 21:01:52 +0000 (-0700)
Subject: Improved a length check in parse_merge_name().
X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/commitdiff_plain/9793bbb3646cbaa816d074dc925a4f4f7d40089f

Improved a length check in parse_merge_name().
---

diff --git a/exclude.c b/exclude.c
index 9db8f1af..085d2642 100644
--- a/exclude.c
+++ b/exclude.c
@@ -332,12 +332,13 @@ static char *parse_merge_name(const char *merge_file, unsigned int *len_ptr,
 
 	/* If the name isn't in buf yet, it's wasn't absolute. */
 	if (fn != buf) {
-		if (dirbuf_len + fn_len >= MAXPATHLEN) {
+		int d_len = dirbuf_len - prefix_skip;
+		if (d_len + fn_len >= MAXPATHLEN) {
 			rprintf(FERROR, "merge-file name overflows: %s\n", fn);
 			return NULL;
 		}
-		memcpy(buf, dirbuf + prefix_skip, dirbuf_len - prefix_skip);
-		memcpy(buf + dirbuf_len - prefix_skip, fn, fn_len + 1);
+		memcpy(buf, dirbuf + prefix_skip, d_len);
+		memcpy(buf + d_len, fn, fn_len + 1);
 		fn_len = clean_fname(buf, CFN_COLLAPSE_DOT_DOT_DIRS);
 	}