Source-Changes-HG archive
[src/netbsd-1-4]: src/gnu/usr.bin/gzip Pull up revision 1.9 (requested by ito...
details: https://anonhg.NetBSD.org/src/rev/30716343043c
branches: netbsd-1-4
changeset: 471326:30716343043c
user: he <he%NetBSD.org@localhost>
date: Wed Jan 16 09:06:07 2002 +0000
description:
Pull up revision 1.9 (requested by itojun):
Fix long file name buffer overrun vulnerability.
diffstat:
gnu/usr.bin/gzip/gzip.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diffs (28 lines):
diff -r a19f9014c6d0 -r 30716343043c gnu/usr.bin/gzip/gzip.c
--- a/gnu/usr.bin/gzip/gzip.c Mon Jan 14 15:23:57 2002 +0000
+++ b/gnu/usr.bin/gzip/gzip.c Wed Jan 16 09:06:07 2002 +0000
@@ -45,7 +45,7 @@
*/
#ifdef RCSID
-static char rcsid[] = "$Id: gzip.c,v 1.3 1998/03/06 18:17:13 tv Exp $";
+static char rcsid[] = "$Id: gzip.c,v 1.3.2.1 2002/01/16 09:06:07 he Exp $";
#endif
#include <ctype.h>
@@ -1005,7 +1005,14 @@
#ifdef NO_MULTIPLE_DOTS
char *dot; /* pointer to ifname extension, or NULL */
#endif
-
+ int max_suffix_len = (z_len > 3 ? z_len : 3);
+
+ /* Leave enough room in ifname or ofname for suffix: */
+ if (strlen(iname) >= sizeof(ifname) - max_suffix_len) {
+ strncpy(ifname, iname, sizeof(ifname) - 1);
+ /* last byte of ifname is already zero and never overwritten */
+ error("file name too long");
+ }
strcpy(ifname, iname);
/* If input file exists, return OK. */
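Review bot: The unconditional `strcpy(ifname, iname);` that follows the new length check is safe only if `error()` never returns, which this hunk does not show; if it can return, the over-long name is still copied past the end of `ifname`. I would make that dependency explicit, either with a comment after the call such as `/* error() exits; not reached */` or by leaving the function on that path. The bound `sizeof(ifname) - max_suffix_len` is evaluated in unsigned arithmetic from an `int`, so it presumably relies on `z_len` having been validated elsewhere to stay well below `sizeof(ifname)`; a one-line comment stating that assumption would help the next reader. The enclosing function starts and ends outside the hunk.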