Module Name: src
Committed By: ginsbach
Date: Wed Jun 10 03:24:27 UTC 2009
Modified Files:
src/bin/ed: main.c
Log Message:
Fix potential buffer overflow in filename escape processing
'ed [MAXPATHLEN + 1 characters]'. [From FreeBSD]
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/bin/ed/main.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/bin/ed/main.c
diff -u src/bin/ed/main.c:1.20 src/bin/ed/main.c:1.21
--- src/bin/ed/main.c:1.20 Sun Jul 20 00:52:39 2008
+++ src/bin/ed/main.c Wed Jun 10 03:24:27 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.20 2008/07/20 00:52:39 lukem Exp $ */
+/* $NetBSD: main.c,v 1.21 2009/06/10 03:24:27 ginsbach Exp $ */
/* main.c: This file contains the main control and user-interface routines
for the ed line editor. */
@@ -39,7 +39,7 @@
#if 0
static char *rcsid = "@(#)main.c,v 1.1 1994/02/01 00:34:42 alm Exp";
#else
-__RCSID("$NetBSD: main.c,v 1.20 2008/07/20 00:52:39 lukem Exp $");
+__RCSID("$NetBSD: main.c,v 1.21 2009/06/10 03:24:27 ginsbach Exp $");
#endif
#endif /* not lint */
@@ -1326,8 +1326,8 @@
int i = 0;
REALLOC(file, filesz, MAXPATHLEN + 1, NULL);
- /* assert: no trailing escape */
- while ((file[i++] = (*s == '\\') != '\0' ? *++s : *s))
+ while ((i < (filesz - 1)) &&
+ (file[i++] = (*s == '\\') != '\0' ? *++s : *s))
s++;
return file;
}
