github-repos/make
1
0
Fork 0
mirror of https://github.com/mirror/make.git synced 2025-02-10 03:40:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Avoid overwriting buffers with long pathnames

Browse Source 
Reported, with initial patch, by Gisle Vanem <gvanem@online.no>

* src/main.c (find_and_set_default_shell) [W32]: Pass search_token
directly to w32ify: no need to make a copy first.  When we need to
construct a path, use snprintf() to be sure we don't overwrite
the locally-allocated buffer.
* src/w32/pathstuff.c (w32ify) [W32]: Use the malloc version of
_fullpath(), followed by strncpy(), to avoid overwriting buffers.
This commit is contained in:
Paul Smith 2022-06-17 19:55:11 -04:00
parent 59abb46bc9
commit 97e51c0285
2 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/main.c
View File

@ -941,7 +941,6 @@ find_and_set_default_shell (const char *token)
char *atoken = 0; char *atoken = 0;
const char *search_token; const char *search_token;
const char *tokend; const char *tokend;
PATH_VAR(sh_path);
extern const char *default_shell; extern const char *default_shell;
if (!token) if (!token)
@ -965,8 +964,7 @@ find_and_set_default_shell (const char *token)
{ {
batch_mode_shell = 1; batch_mode_shell = 1;
unixy_shell = 0; unixy_shell = 0;
sprintf (sh_path, "%s", search_token); default_shell = xstrdup (w32ify (search_token, 0));
default_shell = xstrdup (w32ify (sh_path, 0));
DB (DB_VERBOSE, (_("find_and_set_shell() setting default_shell = %s\n"), DB (DB_VERBOSE, (_("find_and_set_shell() setting default_shell = %s\n"),
default_shell)); default_shell));
sh_found = 1; sh_found = 1;
@ -980,8 +978,7 @@ find_and_set_default_shell (const char *token)
else if (_access (search_token, 0) == 0) else if (_access (search_token, 0) == 0)
{ {
/* search token path was found */ /* search token path was found */
sprintf (sh_path, "%s", search_token); default_shell = xstrdup (w32ify (search_token, 0));
default_shell = xstrdup (w32ify (sh_path, 0));
DB (DB_VERBOSE, (_("find_and_set_shell() setting default_shell = %s\n"), DB (DB_VERBOSE, (_("find_and_set_shell() setting default_shell = %s\n"),
default_shell)); default_shell));
sh_found = 1; sh_found = 1;
@ -1001,9 +998,11 @@ find_and_set_default_shell (const char *token)
while (ep && *ep) while (ep && *ep)
{ {
PATH_VAR (sh_path);
*ep = '\0'; *ep = '\0';
sprintf (sh_path, "%s/%s", p, search_token); snprintf (sh_path, GET_PATH_MAX, "%s/%s", p, search_token);
if (_access (sh_path, 0) == 0) if (_access (sh_path, 0) == 0)
{ {
default_shell = xstrdup (w32ify (sh_path, 0)); default_shell = xstrdup (w32ify (sh_path, 0));
@ -1025,7 +1024,8 @@ find_and_set_default_shell (const char *token)
/* be sure to check last element of Path */ /* be sure to check last element of Path */
if (p && *p) if (p && *p)
{ {
sprintf (sh_path, "%s/%s", p, search_token); PATH_VAR (sh_path);
snprintf (sh_path, GET_PATH_MAX, "%s/%s", p, search_token);
if (_access (sh_path, 0) == 0) if (_access (sh_path, 0) == 0)
{ {
default_shell = xstrdup (w32ify (sh_path, 0)); default_shell = xstrdup (w32ify (sh_path, 0));

6
src/w32/pathstuff.c
View File

@ -100,7 +100,11 @@ w32ify(const char *filename, int resolve)
char *p; char *p;
if (resolve) if (resolve)
_fullpath(w32_path, filename, sizeof (w32_path)); {
char *fp = _fullpath (NULL, filename, sizeof (w32_path));
strncpy (w32_path, fp, sizeof (w32_path));
free (fp);
}
else else
strncpy(w32_path, filename, sizeof (w32_path)); strncpy(w32_path, filename, sizeof (w32_path));