passive is not a zero terminated string but a char * combined with a length. If passivelen == 0, passive may very well be not NULL, and dereferencing that pointer might not be safe. At the very least the consistency check is wrong. Fix that by checking passivelen instead of passive.
* libnetfs/file-set-trans.c (netfs_S_file_set_translator): Fix sanity check. --- libnetfs/file-set-translator.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libnetfs/file-set-translator.c b/libnetfs/file-set-translator.c index 4c29d95..b107ccd 100644 --- a/libnetfs/file-set-translator.c +++ b/libnetfs/file-set-translator.c @@ -39,7 +39,7 @@ netfs_S_file_set_translator (struct protid *user, if (!(passive_flags & FS_TRANS_SET) && !(active_flags & FS_TRANS_SET)) return 0; - if (passive && passive[passivelen - 1]) + if (passivelen && passive[passivelen - 1]) return EINVAL; np = user->po->np; -- 1.7.10.4
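Review bot: the ChangeLog entry names `libnetfs/file-set-trans.c`, but the diff touches `libnetfs/file-set-translator.c`; the entry should use the actual file name. The hunk itself is sound: with the old condition, a non-NULL `passive` and `passivelen == 0` evaluates `passive[passivelen - 1]`, i.e. an out-of-bounds read one byte before the buffer (the index wraps if `passivelen` is unsigned), whereas `if (passivelen && passive[passivelen - 1])` only indexes when there is at least one byte, so `passive[passivelen - 1]` is always within the caller-supplied length. Since the check's intent (reject a passive translator string whose last byte is not NUL) is not obvious from the one-line condition, consider a short comment above it stating that the string must be NUL-terminated within `passivelen`.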