From dd0ad1ac2310853e3d4963c5715de6a9c058479f Mon Sep 17 00:00:00 2001
From: Peter Stephenson <pws@users.sourceforge.net>
Date: Wed, 5 Jan 2011 18:22:08 +0000
Subject: 28568: buffer overflow examining paths

---
 Src/utils.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'Src/utils.c')

diff --git a/Src/utils.c b/Src/utils.c
index b64530bcc..a1cac2537 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -3667,16 +3667,22 @@ mindist(char *dir, char *mindistguess, char *mindistbest)
     int mindistd, nd;
     DIR *dd;
     char *fn;
-    char buf[PATH_MAX];
+    char *buf;
 
     if (dir[0] == '\0')
 	dir = ".";
     mindistd = 100;
+
+    buf = zalloc(strlen(dir) + strlen(mindistguess) + 2);
     sprintf(buf, "%s/%s", dir, mindistguess);
+
     if (access(unmeta(buf), F_OK) == 0) {
 	strcpy(mindistbest, mindistguess);
+	free(buf);
 	return 0;
     }
+    free(buf);
+
     if (!(dd = opendir(unmeta(dir))))
 	return mindistd;
     while ((fn = zreaddir(dd, 0))) {
-- 
cgit v1.2.3