What can I put in the change log for this, besides "fixed a buffer overrun"?
-Ken
On Wednesday, December 31, 2003, at 06:49 AM, Nicholas Clark wrote:
Also, we goofed - we didn't update the file that says which modules are
dual life, and this patch was applied to Cwd.xs before 5.8.2, to fix a
specific buffer overrun that the BSD people announced, which Jarkko spotted
It's not in the CPAN version.
Nicholas Clark
--- ../Cwd-2.08/Cwd.xs 2003-09-28 04:18:02.000000000 +0100 +++ ext/Cwd/Cwd.xs 2003-11-03 21:22:51.000000000 +0000 @@ -166,7 +166,7 @@ loop: rootd = 0;
if (*wbuf) {
- if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
+ if (strlen(resolved) + strlen(wbuf) + (1 - rootd) + 1 > MAXPATHLEN) {
errno = ENAMETOOLONG;
goto err1;
}
