diff options
| author | andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2001-05-04 20:47:33 +0000 |
|---|---|---|
| committer | andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2001-05-04 20:47:33 +0000 |
| commit | 28d4e1b5326572d55c53ab5853cfe56d59e7de29 (patch) | |
| tree | 7e7a5c8f8b620362138967edc83a20fda3e0a346 /which.c | |
| parent | bebfacef6855ff97429e4aebe533a68ee42a0dc3 (diff) | |
| download | busybox-w32-28d4e1b5326572d55c53ab5853cfe56d59e7de29.tar.gz busybox-w32-28d4e1b5326572d55c53ab5853cfe56d59e7de29.tar.bz2 busybox-w32-28d4e1b5326572d55c53ab5853cfe56d59e7de29.zip | |
Fix a buffer overflow. Which accounted for the size of the path, plus the the
'/', plus the size of the test command. It did not account for the terminating
NULL, which overwrote the end of the string.
-Erik
git-svn-id: svn://busybox.net/trunk/busybox@2533 69ca8d6d-28ef-0310-b511-8ec308f3f277
Diffstat (limited to '')
| -rw-r--r-- | which.c | 2 |
1 files changed, 1 insertions, 1 deletions
| @@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv) | |||
| 53 | argv++; | 53 | argv++; |
| 54 | found = 0; | 54 | found = 0; |
| 55 | for (i = 0; i < count; i++) { | 55 | for (i = 0; i < count; i++) { |
| 56 | char buf[strlen(path_n)+1+strlen(*argv)]; | 56 | char buf[strlen(path_n)+strlen(*argv)+2]; |
| 57 | strcpy (buf, path_n); | 57 | strcpy (buf, path_n); |
| 58 | strcat (buf, "/"); | 58 | strcat (buf, "/"); |
| 59 | strcat (buf, *argv); | 59 | strcat (buf, *argv); |