fix buffer overflow, as sizeof(paths) won't fit inside the array.

from Stefan Kempf

"looks right to me" matthieu@
This commit is contained in:
jasper 2007-09-06 06:01:14 +00:00
parent ceb782213d
commit 3bbf519bbb

View File

@ -4,7 +4,7 @@
* Copyright (c) 2004 Martin Murray <mmurray@monkey.org>
* All rights reserved.
*
* $Id: kbfunc.c,v 1.6 2007/06/27 13:28:22 todd Exp $
* $Id: kbfunc.c,v 1.7 2007/09/06 06:01:14 jasper Exp $
*/
#include <paths.h>
@ -170,7 +170,8 @@ kbfunc_lock(struct client_ctx *cc, void *arg)
void
kbfunc_exec(struct client_ctx *scratch, void *arg)
{
char **ap, *paths[256], *path, tpath[MAXPATHLEN];
#define NPATHS 256
char **ap, *paths[NPATHS], *path, tpath[MAXPATHLEN];
int l, i, j, ngroups;
gid_t mygroups[NGROUPS_MAX];
uid_t ruid, euid, suid;
@ -188,13 +189,13 @@ kbfunc_exec(struct client_ctx *scratch, void *arg)
TAILQ_INIT(&menuq);
/* just use default path until we have config to set this */
path = xstrdup(_PATH_DEFPATH);
for (ap = paths; ap < &paths[sizeof(paths) - 1] &&
for (ap = paths; ap < &paths[NPATHS - 1] &&
(*ap = strsep(&path, ":")) != NULL;) {
if (**ap != '\0')
ap++;
}
*ap = NULL;
for (i = 0; i < sizeof(paths) && paths[i] != NULL; i++) {
for (i = 0; i < NPATHS && paths[i] != NULL; i++) {
if ((dirp = opendir(paths[i])) == NULL)
continue;