diff options
author | Peter Stephenson <pws@users.sourceforge.net> | 2011-01-05 18:22:08 +0000 |
---|---|---|
committer | Peter Stephenson <pws@users.sourceforge.net> | 2011-01-05 18:22:08 +0000 |
commit | dd0ad1ac2310853e3d4963c5715de6a9c058479f (patch) | |
tree | 5dbacc145309379af9fc3f41d1b206ff6c1bb746 /Src | |
parent | 564fd4e8db65f4da6a80c93a492b46ff748d1f28 (diff) | |
download | zsh-dd0ad1ac2310853e3d4963c5715de6a9c058479f.tar.gz zsh-dd0ad1ac2310853e3d4963c5715de6a9c058479f.tar.xz zsh-dd0ad1ac2310853e3d4963c5715de6a9c058479f.zip |
28568: buffer overflow examining paths
Diffstat (limited to 'Src')
-rw-r--r-- | Src/utils.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/Src/utils.c b/Src/utils.c index b64530bcc..a1cac2537 100644 --- a/Src/utils.c +++ b/Src/utils.c @@ -3667,16 +3667,22 @@ mindist(char *dir, char *mindistguess, char *mindistbest) int mindistd, nd; DIR *dd; char *fn; - char buf[PATH_MAX]; + char *buf; if (dir[0] == '\0') dir = "."; mindistd = 100; + + buf = zalloc(strlen(dir) + strlen(mindistguess) + 2); sprintf(buf, "%s/%s", dir, mindistguess); + if (access(unmeta(buf), F_OK) == 0) { strcpy(mindistbest, mindistguess); + free(buf); return 0; } + free(buf); + if (!(dd = opendir(unmeta(dir)))) return mindistd; while ((fn = zreaddir(dd, 0))) { |