From: NeilBrown <neilb@suse.de>
Date: Tue, 1 May 2012 19:26:54 +0000 (-0400)
Subject: v4_root_add_parents: remove a possible buffer overflow.
X-Git-Tag: nfs-utils-1-2-6-rc7~6
X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=4bcb8664cf44176a99fc2c4b92e7f28ee705a7d9;hp=4bcb8664cf44176a99fc2c4b92e7f28ee705a7d9;p=nfs-utils.git

v4_root_add_parents: remove a possible buffer overflow.

The loop in v4root_add_parents() is a little odd.
The first time through, 'ptr' points immediately "beyond"
a '/' character (the first).  For every other iterration it points
directly "at" a '/' character.
Such inconsistency is error prone and infact there is an error.
If "path" is precisely "/", then the first call to
   ptr = strchr(ptr, '/')

will be given a 'ptr' which is beyond the '\0' at the end of
"path".  This could potentially contain anything and the strchr()
could search well beyond a buffer (though this depends on exactly how
the string is set up which depends on separate code).

So change the loop to have 'ptr' always point at a '/', and
handle the special case of "/" explicitly.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---