svn commit: r222452 - stable/8/bin/sh
Jilles Tjoelker
jilles at FreeBSD.org
Sun May 29 15:07:53 UTC 2011
Author: jilles
Date: Sun May 29 15:07:53 2011
New Revision: 222452
URL: http://svn.freebsd.org/changeset/base/222452
Log:
MFC r222173: sh: Fix bss-based buffer overflow in . builtin.
If the length of a directory in PATH together with the given filename
exceeded FILENAME_MAX (which may happen even for pathnames that work), a
static buffer was overflowed.
The static buffer is unnecessary, we can use the stalloc() stack.
Obtained from: NetBSD
Modified:
stable/8/bin/sh/main.c
Directory Properties:
stable/8/bin/sh/ (props changed)
Modified: stable/8/bin/sh/main.c
==============================================================================
--- stable/8/bin/sh/main.c Sun May 29 15:02:10 2011 (r222451)
+++ stable/8/bin/sh/main.c Sun May 29 15:07:53 2011 (r222452)
@@ -296,7 +296,6 @@ readcmdfile(const char *name)
static char *
find_dot_file(char *basename)
{
- static char localname[FILENAME_MAX+1];
char *fullname;
const char *path = pathval();
struct stat statb;
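Review bot: With `static char localname[FILENAME_MAX+1];` removed at the top of find_dot_file(), the function no longer returns storage it owns, and nothing in the visible declaration lines says who owns the result. Suggest a short comment above find_dot_file(), if one is not already there, stating that the return value is either `basename` itself or a string on the stalloc() stack, so callers know not to keep the pointer past the point where that stack is released.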
@@ -306,10 +305,14 @@ find_dot_file(char *basename)
return basename;
while ((fullname = padvance(&path, basename)) != NULL) {
- strcpy(localname, fullname);
+ if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode)) {
+ /*
+ * Don't bother freeing here, since it will
+ * be freed by the caller.
+ */
+ return fullname;
+ }
stunalloc(fullname);
- if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode))
- return localname;
}
return basename;
}
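Review bot: The new comment before `return fullname;` says the string "will be freed by the caller", but no caller appears in this diff, so that claim cannot be checked from the patch alone. Please confirm that every caller of find_dot_file() releases the stalloc() stack only after it has finished with the returned name, and consider naming in the comment how the release happens. The reordering in the loop looks right: the removed lines called `stat(fullname, &statb)` after `stunalloc(fullname)`, and the new loop calls stunalloc() only on candidates it has already rejected.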