Ignore:
Timestamp:
Oct 24, 2014, 4:01:38 PM (11 years ago)
Author:
bird
Message:

trunk,0.6: Fixed buffer overflow in fsResolveUnix that would trigger if the input path was too long.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/libc/src/kNIX/os2/fs-os2.c

    r3912 r3914  
    978978            {
    979979                if ((uintptr_t)(pszUserPath - pachBuffer) > SIZEOF_ACHBUFFER)
    980                     pszUserPath = strcpy(pachBuffer, pszUserPath);
     980                {
     981                    size_t cbUserPath = strlen(pszUserPath) + 1;
     982                    if (cbUserPath > PATH_MAX)
     983                    {
     984                        rcRet = -ENAMETOOLONG;
     985                        break;
     986                    }
     987                    pszUserPath = memcpy(pachBuffer, pszUserPath, cbUserPath);
     988                }
    981989                *(char *)(void *)pszUserPath += 'A' - 'a';
    982990            }
Note: See TracChangeset for help on using the changeset viewer.