[src/netbsd-1-5]: src/gnu/usr.bin/gzip Pull up revision 1.9 (requested by ito...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/79989ae2da99
branches:  netbsd-1-5
changeset: 492565:79989ae2da99
user:      he <he%NetBSD.org@localhost>
date:      Wed Jan 16 10:03:34 2002 +0000

description:
Pull up revision 1.9 (requested by itojun):
  Fix long file name buffer overrun vulnerability.

diffstat:

 gnu/usr.bin/gzip/gzip.c |  11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diffs (28 lines):

diff -r 25da2b687d05 -r 79989ae2da99 gnu/usr.bin/gzip/gzip.c
--- a/gnu/usr.bin/gzip/gzip.c   Wed Jan 16 10:01:56 2002 +0000
+++ b/gnu/usr.bin/gzip/gzip.c   Wed Jan 16 10:03:34 2002 +0000
@@ -45,7 +45,7 @@
  */
 
 #ifdef RCSID
-static char rcsid[] = "$Id: gzip.c,v 1.6 1999/08/20 02:36:28 simonb Exp $";
+static char rcsid[] = "$Id: gzip.c,v 1.6.6.1 2002/01/16 10:03:34 he Exp $";
 #endif
 
 #include <ctype.h>
@@ -1005,7 +1005,14 @@
 #ifdef NO_MULTIPLE_DOTS
     char *dot; /* pointer to ifname extension, or NULL */
 #endif
-
+    int max_suffix_len = (z_len > 3 ? z_len : 3);
+ 
+    /* Leave enough room in ifname or ofname for suffix: */
+    if (strlen(iname) >= sizeof(ifname) - max_suffix_len) {
+       strncpy(ifname, iname, sizeof(ifname) - 1);
+       /* last byte of ifname is already zero and never overwritten */
+       error("file name too long");
+    }
     strcpy(ifname, iname);
 
     /* If input file exists, return OK. */