9pfuse: better handling of SETXATTR (sqweek)
diff --git a/src/cmd/9pfuse/fuse.c b/src/cmd/9pfuse/fuse.c
index e78bae8..5057bde 100644
--- a/src/cmd/9pfuse/fuse.c
+++ b/src/cmd/9pfuse/fuse.c
@@ -45,7 +45,7 @@
readfusemsg(void)
{
FuseMsg *m;
- int n;
+ int n, nn;
m = allocfusemsg();
errno = 0;
@@ -173,10 +173,13 @@
goto bad;
break;
case FUSE_SETXATTR:
- /* struct and two strings */
- if(m->hdr->len <= sizeof(struct fuse_setxattr_in)
- || ((char*)m->tx)[m->hdr->len-1] != 0
- || memchr((uchar*)m->tx+sizeof(struct fuse_setxattr_in), 0, m->hdr->len-sizeof(struct fuse_setxattr_in)-1) == 0)
+ /* struct, one string, and one binary blob */
+ if(m->hdr->len <= sizeof(struct fuse_setxattr_in))
+ goto bad;
+ nn = ((struct fuse_setxattr_in*)m->tx)->size;
+ if(m->hdr->len < sizeof(struct fuse_setxattr_in)+nn+1)
+ goto bad;
+ if(((char*)m->tx)[m->hdr->len-nn-1] != 0)
goto bad;
break;
case FUSE_GETXATTR:
