fix buffer overflow, as sizeof(paths) won't fit inside the array.

from Stefan Kempf "looks right to me" matthieu@
2007-09-06 06:01:14 +00:00 · 2007-09-06 06:01:14 +00:00 · 3bbf519bbb
commit 3bbf519bbb
parent ceb782213d
1 changed files with 5 additions and 4 deletions
--- a/app/cwm/kbfunc.c
+++ b/app/cwm/kbfunc.c
@ -4,7 +4,7 @@
 *  Copyright (c) 2004 Martin Murray <mmurray@monkey.org>
 *  All rights reserved.
 *
- * $Id: kbfunc.c,v 1.6 2007/06/27 13:28:22 todd Exp $
+ * $Id: kbfunc.c,v 1.7 2007/09/06 06:01:14 jasper Exp $
 */

 #include <paths.h>
@ -170,7 +170,8 @@ kbfunc_lock(struct client_ctx *cc, void *arg)
 void
 kbfunc_exec(struct client_ctx *scratch, void *arg)
 {
-	char **ap, *paths[256], *path, tpath[MAXPATHLEN];
+#define NPATHS 256
+	char **ap, *paths[NPATHS], *path, tpath[MAXPATHLEN];
 	int l, i, j, ngroups;
 	gid_t mygroups[NGROUPS_MAX];
 	uid_t ruid, euid, suid;
@ -188,13 +189,13 @@ kbfunc_exec(struct client_ctx *scratch, void *arg)
 	TAILQ_INIT(&menuq);
 	/* just use default path until we have config to set this */
 	path = xstrdup(_PATH_DEFPATH);
-	for (ap = paths; ap < &paths[sizeof(paths) - 1] &&
+	for (ap = paths; ap < &paths[NPATHS - 1] &&
 	    (*ap = strsep(&path, ":")) != NULL;) {
 		if (**ap != '\0')
 			ap++;
 	}
 	*ap = NULL;
-	for (i = 0; i < sizeof(paths) && paths[i] != NULL; i++) {
+	for (i = 0; i < NPATHS && paths[i] != NULL; i++) {
 		if ((dirp = opendir(paths[i])) == NULL)
 			continue;