
2014-06-23

2014-06-23 09:31:42 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Runtime: Fixed buffer overrun in set_default_master().

The string "master.pike" is longer than the string "pike"...

Also fixes C99-ism.

96:      static void set_master(const char *file)   { -  if( master_file_location > _master_location+CONSTANT_STRLEN(MASTER_COOKIE) -  || master_file_location < _master_location) +  if( master_file_location != _master_location+CONSTANT_STRLEN(MASTER_COOKIE))    free(master_file_location);    master_file_location = strdup( file );   }
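Review bot: The new `!=` test in set_master() is only safe if master_file_location is always either the built-in default `_master_location+CONSTANT_STRLEN(MASTER_COOKIE)` or a pointer returned by strdup(). Any other value is now passed to free(), where the old range test skipped every pointer inside that static region. The invariant deserves a comment above the condition, e.g. `/* master_file_location is either the built-in default or heap memory from strdup(). */`. Separately, the result of `strdup( file )` on the following line is stored unchecked, so an allocation failure leaves master_file_location NULL; whether later readers tolerate that is not visible here.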
176:    if (!*mp) {    /* Attempt to find a master via the path to the binary. */    /* Note: We assume that MAXPATHLEN is > 18 characters. */ -  char tmp[strlen(bin_name)]; +  if (strlen(bin_name) + CONSTANT_STRLEN("master.pike") < MAXPATHLEN) { +  char tmp[MAXPATHLEN];    char *p;    strcpy(tmp, bin_name);    p = strrchr(tmp, '/');
185:    strcpy(p, "master.pike");    set_master( tmp );    } +  }   #endif       TRACE((stderr, "Default master at \"%s\"...\n", mp));
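Review bot: When the guard added at line 176 fails (`strlen(bin_name) + CONSTANT_STRLEN("master.pike") >= MAXPATHLEN`), the lookup via the binary's path is skipped with no trace output, which makes a missing master hard to diagnose. An `else` on the closing brace added at the end of the block, such as `} else { TRACE((stderr, "Binary path too long for master lookup.\n")); }`, would record it. The bound itself holds only if `p` never points past the end of the copied bin_name. The line that adjusts `p` after strrchr(), including the no-'/' case where strrchr() returns NULL, is not shown between the two excerpts, so that is worth confirming. The two strcpy() calls also rely on this guard, and a short comment beside them saying so would keep a later edit from separating the check from the copies.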