make sure name_len is not negative

This change adds a check to make sure name_len is not negative. This change was made to prevent memory corruption from occurring if name_len is negative.
2019-10-03 15:42:33 +02:00 · 2019-10-03 15:42:33 +02:00 · ad9475f6bf
commit ad9475f6bf
parent bf0147da26
1 changed files with 1 additions and 1 deletions
--- a/minix/servers/vfs/path.c
+++ b/minix/servers/vfs/path.c
@ -621,7 +621,7 @@ get_name(struct vnode *dirp, struct vnode *entry, char ename[NAME_MAX + 1])
 		cur = (struct dirent *) (buf + consumed);
 		name_len = cur->d_reclen - offsetof(struct dirent, d_name) - 1;

-		if(cur->d_name + name_len+1 > &buf[sizeof(buf)])
+		if(name_len < 0 || cur->d_name + name_len+1 > &buf[sizeof(buf)])
 			return(EINVAL);	/* Rubbish in dir entry */
 		if (entry->v_inode_nr == cur->d_fileno) {
 			/* found the entry we were looking for */