Fix a buffer overflow. Which accounted for the size of the path, plus the the

'/', plus the size of the test command. It did not account for the terminating NULL, which overwrote the end of the string. -Erik
author: Eric Andersen <andersen@codepoet.org> 2001-05-04 20:47:33 +0000
committer: Eric Andersen <andersen@codepoet.org> 2001-05-04 20:47:33 +0000
commit: 7526f035f4feea48d4c686a2c5c484c4175976f9 (patch)
tree: 7e7a5c8f8b620362138967edc83a20fda3e0a346
parent: e5ffb911e89f244c7edcfe197c71b4b5e5955310 (diff)
download: busybox-w32-7526f035f4feea48d4c686a2c5c484c4175976f9.tar.gz
busybox-w32-7526f035f4feea48d4c686a2c5c484c4175976f9.tar.bz2
busybox-w32-7526f035f4feea48d4c686a2c5c484c4175976f9.zip
2 files changed, 2 insertions, 2 deletions
diff --git a/findutils/which.c b/findutils/which.c
index 1d7524465..08813c149 100644
--- a/findutils/which.c
+++ b/findutils/which.c
@@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
                argv++;
                found = 0;
                for (i = 0; i < count; i++) {
-                        char buf[strlen(path_n)+1+strlen(*argv)];
+                        char buf[strlen(path_n)+strlen(*argv)+2];
                        strcpy (buf, path_n);
                        strcat (buf, "/");
                        strcat (buf, *argv);
diff --git a/which.c b/which.c
index 1d7524465..08813c149 100644
--- a/which.c
+++ b/which.c
@@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
                argv++;
                found = 0;
                for (i = 0; i < count; i++) {
-                        char buf[strlen(path_n)+1+strlen(*argv)];
+                        char buf[strlen(path_n)+strlen(*argv)+2];
                        strcpy (buf, path_n);
                        strcat (buf, "/");
                        strcat (buf, *argv);
author	Eric Andersen <andersen@codepoet.org>	2001-05-04 20:47:33 +0000
committer	Eric Andersen <andersen@codepoet.org>	2001-05-04 20:47:33 +0000
commit	7526f035f4feea48d4c686a2c5c484c4175976f9 (patch)
tree	7e7a5c8f8b620362138967edc83a20fda3e0a346
parent	e5ffb911e89f244c7edcfe197c71b4b5e5955310 (diff)
download	busybox-w32-7526f035f4feea48d4c686a2c5c484c4175976f9.tar.gz busybox-w32-7526f035f4feea48d4c686a2c5c484c4175976f9.tar.bz2 busybox-w32-7526f035f4feea48d4c686a2c5c484c4175976f9.zip

diff --git a/findutils/which.c b/findutils/which.c index 1d7524465..08813c149 100644 --- a/findutils/which.c +++ b/findutils/which.c
@@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
53	argv++;	53	argv++;
54	found = 0;	54	found = 0;
55	for (i = 0; i < count; i++) {	55	for (i = 0; i < count; i++) {
56	char buf[strlen(path_n)+1+strlen(*argv)];	56	char buf[strlen(path_n)+strlen(*argv)+2];
57	strcpy (buf, path_n);	57	strcpy (buf, path_n);
58	strcat (buf, "/");	58	strcat (buf, "/");
59	strcat (buf, *argv);	59	strcat (buf, *argv);


diff --git a/which.c b/which.c index 1d7524465..08813c149 100644 --- a/which.c +++ b/which.c
@@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
53	argv++;	53	argv++;
54	found = 0;	54	found = 0;
55	for (i = 0; i < count; i++) {	55	for (i = 0; i < count; i++) {
56	char buf[strlen(path_n)+1+strlen(*argv)];	56	char buf[strlen(path_n)+strlen(*argv)+2];
57	strcpy (buf, path_n);	57	strcpy (buf, path_n);
58	strcat (buf, "/");	58	strcat (buf, "/");
59	strcat (buf, *argv);	59	strcat (buf, *argv);