diff options
| author | Panu Matilainen <pmatilai@redhat.com> | 2007-08-27 09:55:42 +0300 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2007-08-27 09:55:42 +0300 |
| commit | 40d25ee3ea29768f828d71a99f845792c46a2be0 (patch) | |
| tree | 0f3a33e2129ec60ff78d5d7c630d64507c7cf508 | |
| parent | ad7c8e98c9285fd100d0386e37ede8f2ba71f441 (diff) | |
| download | rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.tar.gz rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.tar.bz2 rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.zip | |
Fix potential buffer overflow in macro primitive execution
Use dynamic buffer, we know the needed size here...
| -rw-r--r-- | rpmio/macro.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/rpmio/macro.c b/rpmio/macro.c index 6dc173f17..b5363ef00 100644 --- a/rpmio/macro.c +++ b/rpmio/macro.c @@ -1111,10 +1111,11 @@ doFoo(MacroBuf mb, int negate, const char * f, size_t fn, /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ /*@modifies mb, rpmGlobalMacroContext, fileSystem, internalState @*/ { - char buf[BUFSIZ], *b = NULL, *be; + char *buf, *b = NULL, *be; int c; - buf[0] = '\0'; + buf = alloca(gn + 1); + memset(buf, 0, gn + 1); if (g != NULL) { strncpy(buf, g, gn); buf[gn] = '\0'; |