Update to Win32-0.43 from CPAN

diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl
index 15eb3fb..e2f7d28 100755 (executable)
--- a/Porting/Maintainers.pl
+++ b/Porting/Maintainers.pl
@@ -1640,7 +1640,7 @@ use File::Glob qw(:case);
     'Win32' =>
        {
        'MAINTAINER'    => 'jand',
-       'DISTRIBUTION'  => "JDB/Win32-0.42.tar.gz",
+       'DISTRIBUTION'  => "JDB/Win32-0.43.tar.gz",
        'FILES'         => q[cpan/Win32],
        'UPSTREAM'      => 'cpan',
        },

diff --git a/cpan/Win32/Changes b/cpan/Win32/Changes
index 00c7407..7a42597 100644 (file)
--- a/cpan/Win32/Changes
+++ b/cpan/Win32/Changes
@@ -1,5 +1,9 @@
 Revision history for the Perl extension Win32.\r
 \r
+0.43   [2011-01-12]\r
+       - fix a few potential buffer overrun bugs reported by Alex Davies.\r
+         [perl#78710]\r
+\r
 0.42   [2011-01-06]\r
        - remove brittle test for Win32::GetLongPathName($ENV{SYSTEMROOT})\r
          which will fail if the case of the environment value doesn't\r

diff --git a/cpan/Win32/Win32.pm b/cpan/Win32/Win32.pm
index 792ed7f..cfc5bb9 100644 (file)
--- a/cpan/Win32/Win32.pm
+++ b/cpan/Win32/Win32.pm
@@ -8,7 +8,7 @@ package Win32;
     require DynaLoader;\r
 \r
     @ISA = qw|Exporter DynaLoader|;\r
-    $VERSION = '0.42';\r
+    $VERSION = '0.43';\r
     $XS_VERSION = $VERSION;\r
     $VERSION = eval $VERSION;\r
 \r

diff --git a/cpan/Win32/Win32.xs b/cpan/Win32/Win32.xs
index f6d96b4..9c4ea33 100644 (file)
--- a/cpan/Win32/Win32.xs
+++ b/cpan/Win32/Win32.xs
@@ -1483,7 +1483,8 @@ XS(w32_GetFullPathName)
             /* fullname is the MAX_PATH+1 sized buffer returned from PerlDir_mapA()\r
              * or the 2*MAX_PATH sized local buffer in the __CYGWIN__ case.\r
              */\r
-            strcpy(lastchar+1, "\\");\r
+            if (lastchar - fullname < MAX_PATH - 1)\r
+                strcpy(lastchar+1, "\\");\r
         }\r
     }\r
 \r
@@ -1519,13 +1520,15 @@ XS(w32_GetLongPathName)
         WCHAR wide_path[MAX_PATH+1];\r
         WCHAR *long_path;\r
 \r
-        wcscpy(wide_path, wstr);\r
-        Safefree(wstr);\r
-        long_path = my_longpathW(wide_path);\r
-        if (long_path) {\r
-            ST(0) = wstr_to_sv(aTHX_ long_path);\r
-            XSRETURN(1);\r
+        if (wcslen(wstr) < countof(wide_path)) {\r
+            wcscpy(wide_path, wstr);\r
+            long_path = my_longpathW(wide_path);\r
+            if (long_path) {\r
+                ST(0) = wstr_to_sv(aTHX_ long_path);\r
+                XSRETURN(1);\r
+            }\r
         }\r
+        Safefree(wstr);\r
     }\r
     else {\r
         SV *path;\r
@@ -1535,11 +1538,13 @@ XS(w32_GetLongPathName)
 \r
         path = ST(0);\r
         pathstr = SvPV(path,len);\r
-        strcpy(tmpbuf, pathstr);\r
-        pathstr = my_longpathA(tmpbuf);\r
-        if (pathstr) {\r
-            ST(0) = sv_2mortal(newSVpvn(pathstr, strlen(pathstr)));\r
-            XSRETURN(1);\r
+        if (len < sizeof(tmpbuf)) {\r
+            strcpy(tmpbuf, pathstr);\r
+            pathstr = my_longpathA(tmpbuf);\r
+            if (pathstr) {\r
+                ST(0) = sv_2mortal(newSVpvn(pathstr, strlen(pathstr)));\r
+                XSRETURN(1);\r
+            }\r
         }\r
     }\r
     XSRETURN_EMPTY;\r
@@ -1572,14 +1577,19 @@ XS(w32_CopyFile)
 {\r
     dXSARGS;\r
     BOOL bResult;\r
+    char *pszSourceFile;\r
     char szSourceFile[MAX_PATH+1];\r
 \r
     if (items != 3)\r
        Perl_croak(aTHX_ "usage: Win32::CopyFile($from, $to, $overwrite)");\r
-    strcpy(szSourceFile, PerlDir_mapA(SvPV_nolen(ST(0))));\r
-    bResult = CopyFileA(szSourceFile, PerlDir_mapA(SvPV_nolen(ST(1))), !SvTRUE(ST(2)));\r
-    if (bResult)\r
-       XSRETURN_YES;\r
+\r
+    pszSourceFile = PerlDir_mapA(SvPV_nolen(ST(0)));\r
+    if (strlen(pszSourceFile) < sizeof(szSourceFile)) {\r
+        strcpy(szSourceFile, pszSourceFile);\r
+        bResult = CopyFileA(szSourceFile, PerlDir_mapA(SvPV_nolen(ST(1))), !SvTRUE(ST(2)));\r
+        if (bResult)\r
+            XSRETURN_YES;\r
+    }\r
     XSRETURN_NO;\r
 }\r
 \r