diff options
author | Oliver Kiddle <okiddle@yahoo.co.uk> | 2018-03-24 15:02:41 +0100 |
---|---|---|
committer | Oliver Kiddle <okiddle@yahoo.co.uk> | 2018-03-24 15:04:02 +0100 |
commit | 679b71ec4d852037fe5f73d35bf557b0f406c8d4 (patch) | |
tree | 234f10ef180dd3599bc8f0076d433865616f4dd2 /Src/utils.c | |
parent | beadc29214926723d3a83cdecb2016283c247054 (diff) | |
download | zsh-679b71ec4d852037fe5f73d35bf557b0f406c8d4.tar.gz zsh-679b71ec4d852037fe5f73d35bf557b0f406c8d4.tar.xz zsh-679b71ec4d852037fe5f73d35bf557b0f406c8d4.zip |
42518, CVE-2018-1071: check bounds when copying path in hashcmd()
Diffstat (limited to 'Src/utils.c')
-rw-r--r-- | Src/utils.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Src/utils.c b/Src/utils.c index 3b589aa35..998b16220 100644 --- a/Src/utils.c +++ b/Src/utils.c @@ -2283,10 +2283,10 @@ struncpy(char **s, char *t, int n) { char *u = *s; - while (n--) - *u++ = *t++; + while (n-- && (*u++ = *t++)); *s = u; - *u = '\0'; + if (n > 0) /* just one null-byte will do, unlike strncpy(3) */ + *u = '\0'; } /* Return the number of elements in an array of pointers. * |