as6e: Avoid out of bound access

This fixes a crash due to a stack corruption.
To reproduce the bug, set a path within the PATH variable, to something,
which exceeds 128 chars. Maybe more chars are needed, to reach the stack
corruption.

backend/as6e.c

@@ -799,7 +799,7 @@ check_for_driver (const char *devname)
   char *path;
   char fullname[NAMESIZE];
   char dir[NAMESIZE];
-  int count = 0, offset = 0;
+  int count = 0, offset = 0, valid;
 
   path = getenv ("PATH");
   if (!path)
@@ -808,11 +808,18 @@ check_for_driver (const char *devname)
     {
       memset (fullname, '\0', sizeof (fullname));
       memset (dir, '\0', sizeof (dir));
+      valid = 1;
       while ((path[count] != ':') && (path[count] != '\0'))
 	{
+	  /* prevent writing data, which are out of bounds */
+	  if ((unsigned int)(count - offset) < sizeof (dir))
 	    dir[count - offset] = path[count];
+	  else
+	    valid = 0;
 	  count++;
 	}
+	if (valid == 1)
+	{
         /* use sizeof(fullname)-1 to make sure there is at least one padded null byte */
         strncpy (fullname, dir, sizeof(fullname)-1);
         /* take into account that fullname already contains non-null bytes */
@@ -824,6 +831,7 @@ check_for_driver (const char *devname)
 	    if (S_ISREG (modes))
 	      return (1);		/* found as6edriver */
 	  }
+	}
       if (path[count] == '\0')
 	return (0);		/* end of path --no driver found */
       count++;