d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes a potential buffer overflow with 'ed [MAXPATHLEN + 1 characters]'.

Browse Source 
Submitted by:	Mike Heffner <spock@techfour.net>
Submitted on:	audit@freebsd.org
This commit is contained in:
Josef Karthauser 2000-04-30 20:46:14 +00:00
parent 2c9b67a8df
commit 2ef72bc152
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=59797
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bin/ed/main.c
View File

@ -175,7 +175,9 @@ main(argc, argv)
if (read_file(*argv, 0) < 0 && !isatty(0))
quit(2);
else if (**argv != '!')
strcpy(old_filename, *argv);
if (strlcpy(old_filename, *argv, sizeof(old_filename))
>= sizeof(old_filename))
quit(2);
} else if (argc) {
fputs("?\n", stderr);
if (**argv == '\0')
@ -1345,8 +1347,8 @@ strip_escapes(s)
int i = 0;
REALLOC(file, filesz, MAXPATHLEN + 1, NULL);
/* assert: no trailing escape */
while ((file[i++] = (*s == '\\') ? *++s : *s))
while (i < filesz - 1 /* Worry about a possible trailing escape */
&& (file[i++] = (*s == '\\') ? *++s : *s))
s++;
return file;
}