Check the buffer size when copying the line returned by el_gets() into our

own buffer. Interactively typing in long lines (>1023 characters) previously overflowed the buffer. Unlike the NetBSD people I don't see the need to subtract 8 from BUFSIZ, so I just used BUFSIZ-1. Obtained from: NetBSD PR: 91110
2006-04-29 10:29:10 +00:00 · 2006-04-29 10:29:10 +00:00 · 896229d920
commit 896229d920
parent cef31ff7d9
1 changed files with 13 additions and 4 deletions
--- a/bin/sh/input.c
+++ b/bin/sh/input.c
@ -184,14 +184,23 @@ preadfd(void)
 retry:
 #ifndef NO_HISTORY
 	if (parsefile->fd == 0 && el) {
-		const char *rl_cp;
+		static const char *rl_cp;
+		static int el_len;

-		rl_cp = el_gets(el, &nr);
+		if (rl_cp == NULL)
+			rl_cp = el_gets(el, &el_len);
 		if (rl_cp == NULL)
 			nr = 0;
 		else {
-			/* XXX - BUFSIZE should redesign so not necessary */
-			(void) strcpy(parsenextc, rl_cp);
+			nr = el_len;
+			if (nr > BUFSIZ - 1)
+				nr = BUFSIZ - 1;
+			memcpy(parsenextc, rl_cp, nr);
+			if (nr != el_len) {
+				el_len -= nr;
+				rl_cp += nr;
+			} else
+				rl_cp = NULL;
 		}
 	} else
 #endif