From 677aecb9cfd26dd078a0a58d4babc8945a39b55f Mon Sep 17 00:00:00 2001 From: jasper Date: Thu, 6 Sep 2007 06:01:14 +0000 Subject: fix buffer overflow, as sizeof(paths) won't fit inside the array. from Stefan Kempf "looks right to me" matthieu@ --- kbfunc.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'kbfunc.c') diff --git a/kbfunc.c b/kbfunc.c index adb4d82..ca2e13b 100644 --- a/kbfunc.c +++ b/kbfunc.c @@ -4,7 +4,7 @@ * Copyright (c) 2004 Martin Murray * All rights reserved. * - * $Id: kbfunc.c,v 1.6 2007/06/27 13:28:22 todd Exp $ + * $Id: kbfunc.c,v 1.7 2007/09/06 06:01:14 jasper Exp $ */ #include @@ -170,7 +170,8 @@ kbfunc_lock(struct client_ctx *cc, void *arg) void kbfunc_exec(struct client_ctx *scratch, void *arg) { - char **ap, *paths[256], *path, tpath[MAXPATHLEN]; +#define NPATHS 256 + char **ap, *paths[NPATHS], *path, tpath[MAXPATHLEN]; int l, i, j, ngroups; gid_t mygroups[NGROUPS_MAX]; uid_t ruid, euid, suid; @@ -188,13 +189,13 @@ kbfunc_exec(struct client_ctx *scratch, void *arg) TAILQ_INIT(&menuq); /* just use default path until we have config to set this */ path = xstrdup(_PATH_DEFPATH); - for (ap = paths; ap < &paths[sizeof(paths) - 1] && + for (ap = paths; ap < &paths[NPATHS - 1] && (*ap = strsep(&path, ":")) != NULL;) { if (**ap != '\0') ap++; } *ap = NULL; - for (i = 0; i < sizeof(paths) && paths[i] != NULL; i++) { + for (i = 0; i < NPATHS && paths[i] != NULL; i++) { if ((dirp = opendir(paths[i])) == NULL) continue; -- cgit v1.2.3-2-gb3c3