Module Name:    src
Committed By:   mrg
Date:           Sun Oct 11 07:09:39 UTC 2009

Modified Files:
        src/usr.bin/gzip: gzip.c

Log Message:
avoid an overflow in suffix handling, from Xin LI <delp...@delphij.net>.


To generate a diff of this commit:
cvs rdiff -u -r1.95 -r1.96 src/usr.bin/gzip/gzip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/gzip/gzip.c
diff -u src/usr.bin/gzip/gzip.c:1.95 src/usr.bin/gzip/gzip.c:1.96
--- src/usr.bin/gzip/gzip.c:1.95	Sun Oct 11 07:07:54 2009
+++ src/usr.bin/gzip/gzip.c	Sun Oct 11 07:09:39 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: gzip.c,v 1.95 2009/10/11 07:07:54 mrg Exp $	*/
+/*	$NetBSD: gzip.c,v 1.96 2009/10/11 07:09:39 mrg Exp $	*/
 
 /*
  * Copyright (c) 1997, 1998, 2003, 2004, 2006 Matthew R. Green
@@ -30,7 +30,7 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 1997, 1998, 2003, 2004, 2006\
  Matthew R. Green.  All rights reserved.");
-__RCSID("$NetBSD: gzip.c,v 1.95 2009/10/11 07:07:54 mrg Exp $");
+__RCSID("$NetBSD: gzip.c,v 1.96 2009/10/11 07:09:39 mrg Exp $");
 #endif /* not lint */
 
 /*
@@ -146,6 +146,7 @@
 #undef SUFFIX
 };
 #define NUM_SUFFIXES (sizeof suffixes / sizeof suffixes[0])
+#define SUFFIX_MAXLEN	30
 
 static	const char	gzip_version[] = "NetBSD gzip 20060927";
 
@@ -334,6 +335,8 @@
 		case 'S':
 			len = strlen(optarg);
 			if (len != 0) {
+				if (len > SUFFIX_MAXLEN)
+					errx(1, "incorrect suffix: '%s'", optarg);
 				suffixes[0].zipped = optarg;
 				suffixes[0].ziplen = len;
 			} else {
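Review bot: The new check in `case 'S':` rejects an over-long suffix with the text "incorrect suffix", which does not tell the user what the limit is, and the `SUFFIX_MAXLEN` define added in the previous hunk carries no comment saying what it protects. Consider `errx(1, "suffix too long (max %d): '%s'", SUFFIX_MAXLEN, optarg);` and a comment on the define such as `/* longest -S suffix accepted; the output-name code assumes suffix + NUL fits at the end of its buffer */`. The link to the output buffer is inferred from the log message and the last hunk, so that wording should be confirmed against the buffer's declared size. The `case` body continues outside this hunk.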
@@ -1200,7 +1203,7 @@
 		/* Add (usually) .gz to filename */
 		if ((size_t)snprintf(outfile, outsize, "%s%s",
 					file, suffixes[0].zipped) >= outsize)
-			memcpy(outfile - suffixes[0].ziplen - 1,
+			memcpy(outfile + outsize - suffixes[0].ziplen - 1,
 				suffixes[0].zipped, suffixes[0].ziplen + 1);
 
 #ifndef SMALL
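Review bot: The corrected destination `outfile + outsize - suffixes[0].ziplen - 1` stays inside the buffer only when `outsize >= suffixes[0].ziplen + 1`, and nothing in this hunk checks that; it depends on the `SUFFIX_MAXLEN` cap in option parsing and on how the caller sizes `outsize`, which is not visible here. A comment stating that invariant above the `memcpy`, or an explicit guard such as `if (outsize <= suffixes[0].ziplen) errx(1, "output name buffer too small");`, would keep the copy in bounds if either side changes later. Separately, on truncation the tail of the file name is silently replaced by the suffix, so two long input names can end up with the same output name; a warning on that path would make the truncation visible to the user. The enclosing function begins and ends outside the hunk.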
