Date:      Sun, 22 May 2011 12:12:28 +0000 (UTC)
From:      Jilles Tjoelker <jilles@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r222173 - head/bin/sh
Message-ID:  <201105221212.p4MCCSCn073812@svn.freebsd.org>

Author: jilles
Date: Sun May 22 12:12:28 2011
New Revision: 222173
URL: http://svn.freebsd.org/changeset/base/222173

Log:
  sh: Fix bss-based buffer overflow in . builtin.
  
  If the length of a directory in PATH together with the given filename
  exceeded FILENAME_MAX (which may happen even for pathnames that work), a
  static buffer was overflowed.
  
  The static buffer is unnecessary, we can use the stalloc() stack.
  
  Obtained from:	NetBSD
  MFC after:	1 week

Modified:
  head/bin/sh/main.c

Modified: head/bin/sh/main.c
==============================================================================
--- head/bin/sh/main.c	Sun May 22 09:58:48 2011	(r222172)
+++ head/bin/sh/main.c	Sun May 22 12:12:28 2011	(r222173)
@@ -281,7 +281,6 @@ readcmdfile(const char *name)
 static char *
 find_dot_file(char *basename)
 {
-	static char localname[FILENAME_MAX+1];
 	char *fullname;
 	const char *path = pathval();
 	struct stat statb;
@@ -291,10 +290,14 @@ find_dot_file(char *basename)
 		return basename;
 
 	while ((fullname = padvance(&path, basename)) != NULL) {
-		strcpy(localname, fullname);
+		if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode)) {
+			/*
+			 * Don't bother freeing here, since it will
+			 * be freed by the caller.
+			 */
+			return fullname;
+		}
 		stunalloc(fullname);
-		if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode))
-			return localname;
 	}
 	return basename;
 }
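Review bot: The comment above the new `return fullname;` says the caller frees the string, but find_dot_file() also returns `basename` itself (the early `return basename;` at the top of this hunk and the final one), so the result is only sometimes a stalloc() block and the caller cannot tell which. I would put the contract on the function rather than inside the loop, e.g. `/* Returns basename unchanged, or a stalloc()ed pathname that stays allocated until the caller pops its stack mark. */`. The caller is outside this hunk, so it is worth confirming that it releases the result with a stack mark around the call and does not call stunalloc() on the returned pointer, which would presumably be wrong when `basename` comes back. Moving the stat() ahead of `stunalloc(fullname)` also means the path is no longer read after being released, which deserves a mention in the log alongside the overflow fix.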


