projects
/
platform
/
upstream
/
rpm.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
f77387d
)
Fix buffer overflow in macro shell escaping (#253971)
author
Panu Matilainen
<pmatilai@redhat.com>
Mon, 27 Aug 2007 06:45:53 +0000
(09:45 +0300)
committer
Panu Matilainen
<pmatilai@redhat.com>
Mon, 27 Aug 2007 06:45:53 +0000
(09:45 +0300)
We know the required buffer size here, no point in using static buffer.
rpmio/macro.c
patch
|
blob
|
history
diff --git
a/rpmio/macro.c
b/rpmio/macro.c
index
e5b10e4
..
52a7bc5
100644
(file)
--- a/
rpmio/macro.c
+++ b/
rpmio/macro.c
@@
-597,11
+597,14
@@
doShellEscape(MacroBuf mb, const char * cmd, size_t clen)
/*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
/*@modifies mb, rpmGlobalMacroContext, fileSystem @*/
{
- char
pcmd[BUFSIZ]
;
+ char
*pcmd
;
FILE *shf;
int rc;
int c;
+ pcmd = alloca(clen + 1);
+ memset(pcmd, 0, (clen + 1));
+
strncpy(pcmd, cmd, clen);
pcmd[clen] = '\0';
rc = expandU(mb, pcmd, sizeof(pcmd));