mirror/cwm
1
0
Fork 0
mirror of https://github.com/leahneukirchen/cwm.git synced 2023-08-10 21:13:12 +03:00
Code Issues Projects Releases Wiki Activity

fix buffer overflow, as sizeof(paths) won't fit inside the array.

Browse Source 
from Stefan Kempf

"looks right to me" matthieu@
This commit is contained in:
jasper 2007-09-06 06:01:14 +00:00
parent 964a1e73a7
commit 0584867396
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
kbfunc.c
View File

@ -170,7 +170,8 @@ kbfunc_lock(struct client_ctx *cc, void *arg)
void void
kbfunc_exec(struct client_ctx *scratch, void *arg) kbfunc_exec(struct client_ctx *scratch, void *arg)
{ {
char **ap, *paths[256], *path, tpath[MAXPATHLEN]; #define NPATHS 256
char **ap, *paths[NPATHS], *path, tpath[MAXPATHLEN];
int l, i, j, ngroups; int l, i, j, ngroups;
gid_t mygroups[NGROUPS_MAX]; gid_t mygroups[NGROUPS_MAX];
uid_t ruid, euid, suid; uid_t ruid, euid, suid;
@ -188,13 +189,13 @@ kbfunc_exec(struct client_ctx *scratch, void *arg)
TAILQ_INIT(&menuq); TAILQ_INIT(&menuq);
/* just use default path until we have config to set this */ /* just use default path until we have config to set this */
path = xstrdup(_PATH_DEFPATH); path = xstrdup(_PATH_DEFPATH);
for (ap = paths; ap < &paths[sizeof(paths) - 1] && for (ap = paths; ap < &paths[NPATHS - 1] &&
(*ap = strsep(&path, ":")) != NULL;) { (*ap = strsep(&path, ":")) != NULL;) {
if (**ap != '\0') if (**ap != '\0')
ap++; ap++;
} }
*ap = NULL; *ap = NULL;
for (i = 0; i < sizeof(paths) && paths[i] != NULL; i++) { for (i = 0; i < NPATHS && paths[i] != NULL; i++) {
if ((dirp = opendir(paths[i])) == NULL) if ((dirp = opendir(paths[i])) == NULL)
continue; continue;