commit - 4712e22300315fcad068cc611de6866bb1e2a502
commit + 869875b48b4455937fdddb7c98fbff7699c1effb
blob - e78bae88bca23f895841198ad07dac37b2fe7735
blob + 5057bde149c1422acdf36a8759260c4181884231
--- src/cmd/9pfuse/fuse.c
+++ src/cmd/9pfuse/fuse.c
readfusemsg(void)
{
FuseMsg *m;
- int n;
+ int n, nn;
m = allocfusemsg();
errno = 0;
goto bad;
break;
case FUSE_SETXATTR:
- /* struct and two strings */
- if(m->hdr->len <= sizeof(struct fuse_setxattr_in)
- || ((char*)m->tx)[m->hdr->len-1] != 0
- || memchr((uchar*)m->tx+sizeof(struct fuse_setxattr_in), 0, m->hdr->len-sizeof(struct fuse_setxattr_in)-1) == 0)
+ /* struct, one string, and one binary blob */
+ if(m->hdr->len <= sizeof(struct fuse_setxattr_in))
+ goto bad;
+ nn = ((struct fuse_setxattr_in*)m->tx)->size;
+ if(m->hdr->len < sizeof(struct fuse_setxattr_in)+nn+1)
+ goto bad;
+ if(((char*)m->tx)[m->hdr->len-nn-1] != 0)
goto bad;
break;
case FUSE_GETXATTR:
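Review bot: In the new FUSE_SETXATTR check, `nn` is a signed `int` loaded from the message's `size` field, so a value with the top bit set becomes negative and the sum `sizeof(struct fuse_setxattr_in)+nn+1` can wrap to a small number. The length test then passes, and the terminator test reads `((char*)m->tx)[m->hdr->len-nn-1]` at an index at or beyond `m->hdr->len`, so a byte outside the message can stand in for the name's NUL. I would hold the size in an unsigned variable (`uint nn;` in the declaration hunk at the top of readfusemsg) and compare by subtraction, which cannot wrap once the preceding `len <= sizeof` test has passed: `if(nn >= m->hdr->len - sizeof(struct fuse_setxattr_in)) goto bad;`. The declaration of `size` is not shown here, so its type should be confirmed; the switch and the rest of readfusemsg lie outside the hunk.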