From 05848673965c20c4a0be4d3d0b024b75ba234e51 Mon Sep 17 00:00:00 2001
From: jasper <jasper>
Date: Thu, 6 Sep 2007 06:01:14 +0000
Subject: fix buffer overflow, as sizeof(paths) won't fit inside the array.

from Stefan Kempf

"looks right to me" matthieu@
---
 kbfunc.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'kbfunc.c')

diff --git a/kbfunc.c b/kbfunc.c
index 1b7cfc4..85fee93 100644
--- a/kbfunc.c
+++ b/kbfunc.c
@@ -170,7 +170,8 @@ kbfunc_lock(struct client_ctx *cc, void *arg)
 void
 kbfunc_exec(struct client_ctx *scratch, void *arg)
 {
-	char **ap, *paths[256], *path, tpath[MAXPATHLEN];
+#define NPATHS 256
+	char **ap, *paths[NPATHS], *path, tpath[MAXPATHLEN];
 	int l, i, j, ngroups;
 	gid_t mygroups[NGROUPS_MAX];
 	uid_t ruid, euid, suid;
@@ -188,13 +189,13 @@ kbfunc_exec(struct client_ctx *scratch, void *arg)
 	TAILQ_INIT(&menuq);
 	/* just use default path until we have config to set this */
 	path = xstrdup(_PATH_DEFPATH);
-	for (ap = paths; ap < &paths[sizeof(paths) - 1] &&
+	for (ap = paths; ap < &paths[NPATHS - 1] &&
 	    (*ap = strsep(&path, ":")) != NULL;) {
 		if (**ap != '\0')
 			ap++;
 	}
 	*ap = NULL;
-	for (i = 0; i < sizeof(paths) && paths[i] != NULL; i++) {
+	for (i = 0; i < NPATHS && paths[i] != NULL; i++) {
 		if ((dirp = opendir(paths[i])) == NULL)
 			continue;
 
-- 
cgit 1.4.1