projects / platform / upstream / rpm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f77387d)
Fix buffer overflow in macro shell escaping (#253971)
authorPanu Matilainen <pmatilai@redhat.com>
Mon, 27 Aug 2007 06:45:53 +0000 (09:45 +0300)
committerPanu Matilainen <pmatilai@redhat.com>
Mon, 27 Aug 2007 06:45:53 +0000 (09:45 +0300)
We know the required buffer size here, no point in using static buffer.

rpmio/macro.c patch | blob | history

diff --git a/rpmio/macro.c b/rpmio/macro.c
index e5b10e4..52a7bc5 100644 (file)
--- a/rpmio/macro.c
+++ b/rpmio/macro.c
@@ -597,11 +597,14 @@ doShellEscape(MacroBuf mb, const char * cmd, size_t clen)
        /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
        /*@modifies mb, rpmGlobalMacroContext, fileSystem @*/
 {
-    char pcmd[BUFSIZ];
+    char *pcmd;
     FILE *shf;
     int rc;
     int c;
 
+    pcmd = alloca(clen + 1);
+    memset(pcmd, 0, (clen + 1));
+
     strncpy(pcmd, cmd, clen);
     pcmd[clen] = '\0';
     rc = expandU(mb, pcmd, sizeof(pcmd));
Domain: SCM / Build;