passive is not a zero terminated string but a char * combined with a length. If passivelen == 0, passive may very well be not NULL, and dereferencing that pointer might not be safe. At the very least the consistency check is wrong. Fix that by checking passivelen instead of passive.
* libdiskfs/file-set-trans.c (diskfs_S_file_set_translator): Fix sanity check. --- libdiskfs/file-set-trans.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libdiskfs/file-set-trans.c b/libdiskfs/file-set-trans.c index 3798001..49303e7 100644 --- a/libdiskfs/file-set-trans.c +++ b/libdiskfs/file-set-trans.c @@ -43,7 +43,7 @@ diskfs_S_file_set_translator (struct protid *cred, if ((passive_flags & FS_TRANS_SET) && diskfs_check_readonly ()) return EROFS; - if (passive && passive[passivelen - 1]) + if (passivelen && passive[passivelen - 1]) return EINVAL; np = cred->po->np; -- 1.7.10.4
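Review bot: the new condition `if (passivelen && passive[passivelen - 1])` still dereferences `passive` whenever `passivelen` is non-zero, so it silently assumes the caller never supplies a NULL `passive` together with a non-zero `passivelen`; if that pairing can reach this entry point, guard the pointer as well, e.g. `if (passivelen && (!passive || passive[passivelen - 1])) return EINVAL;`. A one-line comment stating the invariant being enforced (the buffer must carry its own terminating NUL as its last byte) would also make the intent of the `passivelen - 1` index clear to the next reader.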