Removed potential buffer overflow.
This commit is contained in:
Eivind Eklund
parent
a0e8b36fc5
commit
ab25b7d505
@ -157,6 +157,7 @@ extern struct passwd *pw; /* pointer to static area used by getpwent */
|
||||
extern struct group *gr; /* pointer to static area used by getgrent */
|
||||
extern char host[]; /* host name of master copy */
|
||||
extern char buf[BUFSIZ]; /* general purpose buffer */
|
||||
extern char target[BUFSIZ]; /* target/source directory name */
|
||||
extern char *path_rsh; /* rsh command to use */
|
||||
|
||||
int any __P((int, char *));
|
||||
@ -168,7 +169,7 @@ void error __P((const char *, ...));
|
||||
int except __P((char *));
|
||||
struct namelist *
|
||||
expand __P((struct namelist *, int));
|
||||
char *exptilde __P((char [], char *));
|
||||
char *exptilde __P((char [], char *, int));
|
||||
void fatal __P((const char *, ...));
|
||||
int inlist __P((struct namelist *, char *));
|
||||
void insert __P((char *,
|
||||
|
||||
@ -479,7 +479,7 @@ cmptime(name)
|
||||
* first time cmptime() is called?
|
||||
*/
|
||||
if (tp == NULL) {
|
||||
if (exptilde(target, name) == NULL)
|
||||
if (exptilde(target, name, sizeof(target)) == NULL)
|
||||
return;
|
||||
tp = name = target;
|
||||
while (*tp)
|
||||
|
||||
@ -618,13 +618,16 @@ addpath(c)
|
||||
* part corresponding to `file'.
|
||||
*/
|
||||
char *
|
||||
exptilde(buf, file)
|
||||
exptilde(buf, file, maxlen)
|
||||
char buf[];
|
||||
register char *file;
|
||||
int maxlen;
|
||||
{
|
||||
register char *s1, *s2, *s3;
|
||||
extern char homedir[];
|
||||
|
||||
if (strlen(file) >= maxlen)
|
||||
return(NULL);
|
||||
if (*file != '~') {
|
||||
strcpy(buf, file);
|
||||
return(buf);
|
||||
@ -655,13 +658,15 @@ exptilde(buf, file)
|
||||
*s3 = '/';
|
||||
s2 = pw->pw_dir;
|
||||
}
|
||||
for (s1 = buf; (*s1++ = *s2++); )
|
||||
for (s1 = buf; (*s1++ = *s2++) && s1 < buf+maxlen; )
|
||||
;
|
||||
s2 = --s1;
|
||||
if (s3 != NULL) {
|
||||
if (s3 != NULL && s1 < buf+maxlen) {
|
||||
s2++;
|
||||
while ((*s1++ = *s3++))
|
||||
while ((*s1++ = *s3++) && s1 < buf+maxlen)
|
||||
;
|
||||
}
|
||||
if (s1 == buf+maxlen)
|
||||
return(NULL);
|
||||
return(s2);
|
||||
}
|
||||
|
||||
@ -115,7 +115,7 @@ server()
|
||||
case 't': /* init target file/directory name */
|
||||
catname = 0;
|
||||
dotarget:
|
||||
if (exptilde(target, cp) == NULL)
|
||||
if (exptilde(target, cp, sizeof(target)) == NULL)
|
||||
continue;
|
||||
tp = target;
|
||||
while (*tp)
|
||||
@ -176,7 +176,7 @@ server()
|
||||
continue;
|
||||
}
|
||||
if (*cp == '~') {
|
||||
if (exptilde(buf, cp) == NULL)
|
||||
if (exptilde(buf, cp, sizeof(buf)) == NULL)
|
||||
continue;
|
||||
cp = buf;
|
||||
}
|
||||
@ -248,7 +248,7 @@ install(src, dest, destdir, opts)
|
||||
return;
|
||||
}
|
||||
|
||||
rname = exptilde(target, src);
|
||||
rname = exptilde(target, src, sizeof(target));
|
||||
if (rname == NULL)
|
||||
return;
|
||||
tp = target;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user