diff options
| author | Oliver Kiddle <okiddle@yahoo.co.uk> | 2018-03-28 09:00:58 +0200 |
|---|---|---|
| committer | Oliver Kiddle <okiddle@yahoo.co.uk> | 2018-03-28 09:00:58 +0200 |
| commit | c053c6a0799397632df9ba88f8812a1da49c67f1 (patch) | |
| tree | 0b316a3935e0b71eb6c4b362ab838492387e2a76 /Src/utils.c | |
| parent | fa0105f78c9204d72cb0cd68c20d5f390b2a044b (diff) | |
| download | zsh-c053c6a0799397632df9ba88f8812a1da49c67f1.tar.gz zsh-c053c6a0799397632df9ba88f8812a1da49c67f1.zip | |
42539: prevent overflow of PATH_MAX-sized buffer in spelling correction
Diffstat (limited to 'Src/utils.c')
| -rw-r--r-- | Src/utils.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/Src/utils.c b/Src/utils.c index 466014263..eab407eee 100644 --- a/Src/utils.c +++ b/Src/utils.c @@ -2287,7 +2287,8 @@ struncpy(char **s, char *t, int n) { char *u = *s; - while (n-- && (*u++ = *t++)); + while (n-- && (*u = *t++)) + u++; *s = u; if (n > 0) /* just one null-byte will do, unlike strncpy(3) */ *u = '\0'; @@ -4424,17 +4425,20 @@ spname(char *oldname) * odd to the human reader, and we may make use of the total * * distance for all corrections at some point in the future. */ if (bestdist < maxthresh) { - strcpy(new, spnameguess); - strcat(new, old); - return newname; + struncpy(&new, spnameguess, sizeof(newname) - (new - newname)); + struncpy(&new, old, sizeof(newname) - (new - newname)); + return (new - newname) >= (sizeof(newname)-1) ? NULL : newname; } else return NULL; } else { maxthresh = bestdist + thresh; bestdist += thisdist; } - for (p = spnamebest; (*new = *p++);) + for (p = spnamebest; (*new = *p++);) { + if ((new - newname) >= (sizeof(newname)-1)) + return NULL; new++; + } } } |