sh: Fix bss-based buffer overflow in . builtin.

If the length of a directory in PATH together with the given filename exceeded FILENAME_MAX (which may happen even for pathnames that work), a static buffer was overflown. The static buffer is unnecessary, we can use the stalloc() stack. Obtained from: NetBSD MFC after: 1 week
svn path=/head/; revision=222173
2011-05-22 12:12:28 +00:00 · 2011-05-22 12:12:28 +00:00 · c9e93e6739 · 2020-12-20 02:59:44 +00:00
commit c9e93e6739
parent 1cb2359e6f
1 changed files with 7 additions and 4 deletions
--- a/bin/sh/main.c
+++ b/bin/sh/main.c
@ -281,7 +281,6 @@ readcmdfile(const char *name)
 static char *
 find_dot_file(char *basename)
 {
-	static char localname[FILENAME_MAX+1];
 	char *fullname;
 	const char *path = pathval();
 	struct stat statb;
@ -291,10 +290,14 @@ find_dot_file(char *basename)
 		return basename;

 	while ((fullname = padvance(&path, basename)) != NULL) {
-		strcpy(localname, fullname);
+		if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode)) {
+			/*
+			 * Don't bother freeing here, since it will
+			 * be freed by the caller.
+			 */
+			return fullname;
+		}
 		stunalloc(fullname);
-		if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode))
-			return localname;
 	}
 	return basename;
 }