authorjasper <jasper>2007-09-06 06:01:14 +0000
committerjasper <jasper>2007-09-06 06:01:14 +0000
commit05848673965c20c4a0be4d3d0b024b75ba234e51 (patch)
treef3956caa9e21f31ca17bb72b59695916349a6881
parent964a1e73a7bf3a4723f6f07f5e161dfd63199c6f (diff)
downloadcwm-05848673965c20c4a0be4d3d0b024b75ba234e51.tar.gz
cwm-05848673965c20c4a0be4d3d0b024b75ba234e51.tar.xz
cwm-05848673965c20c4a0be4d3d0b024b75ba234e51.zip
fix buffer overflow: sizeof(paths) is the array's size in bytes, not its number of elements, so it is too large to use as the index bound.
from Stefan Kempf

"looks right to me" matthieu@
-rw-r--r--kbfunc.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/kbfunc.c b/kbfunc.c
index 1b7cfc4..85fee93 100644
--- a/kbfunc.c
+++ b/kbfunc.c
@@ -170,7 +170,8 @@ kbfunc_lock(struct client_ctx *cc, void *arg)
 void
 kbfunc_exec(struct client_ctx *scratch, void *arg)
 {
-	char **ap, *paths[256], *path, tpath[MAXPATHLEN];
+#define NPATHS 256
+	char **ap, *paths[NPATHS], *path, tpath[MAXPATHLEN];
 	int l, i, j, ngroups;
 	gid_t mygroups[NGROUPS_MAX];
 	uid_t ruid, euid, suid;
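Review bot: `#define NPATHS 256` is placed inside the body of kbfunc_exec, but a macro has no block scope, so NPATHS stays defined for the rest of kbfunc.c unless it is undefined later. Either move the define to file scope with a comment such as `/* maximum number of path components scanned */`, or keep the literal in the declaration and bound both loops in the next hunk with `sizeof(paths) / sizeof(paths[0])`, which cannot drift from the array's real element count. The function body continues outside the hunk, so whether an `#undef NPATHS` follows is not visible here.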
@@ -188,13 +189,13 @@ kbfunc_exec(struct client_ctx *scratch, void *arg)
 	TAILQ_INIT(&menuq);
 	/* just use default path until we have config to set this */
 	path = xstrdup(_PATH_DEFPATH);
-	for (ap = paths; ap < &paths[sizeof(paths) - 1] &&
+	for (ap = paths; ap < &paths[NPATHS - 1] &&
 	    (*ap = strsep(&path, ":")) != NULL;) {
 		if (**ap != '\0')
 			ap++;
 	}
 	*ap = NULL;
-	for (i = 0; i < sizeof(paths) && paths[i] != NULL; i++) {
+	for (i = 0; i < NPATHS && paths[i] != NULL; i++) {
 		if ((dirp = opendir(paths[i])) == NULL)
 			continue;