Fix potential buffer overflow in macro findEntry()

Avoid static buffer, we know the size...
author: Panu Matilainen <pmatilai@redhat.com> 2007-08-27 09:51:52 +0300
committer: Panu Matilainen <pmatilai@redhat.com> 2007-08-27 09:51:52 +0300
commit: ad7c8e98c9285fd100d0386e37ede8f2ba71f441 (patch)
tree: 22c7add015e5f613521491890e325bc829766fff /rpmio/macro.c
parent: 0e74bc98bed27e78b73d6ca1123c63aee4c6335a (diff)
download: rpm-ad7c8e98c9285fd100d0386e37ede8f2ba71f441.tar.gz
rpm-ad7c8e98c9285fd100d0386e37ede8f2ba71f441.tar.bz2
rpm-ad7c8e98c9285fd100d0386e37ede8f2ba71f441.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/rpmio/macro.c b/rpmio/macro.c
index 3c2070d32..6dc173f17 100644
--- a/rpmio/macro.c
+++ b/rpmio/macro.c
@@ -253,7 +253,7 @@ findEntry(MacroContext mc, const char * name, size_t namelen)
 {
     MacroEntry key, *ret;
     struct MacroEntry_s keybuf;
-    char namebuf[1024];
+    char *namebuf = NULL;
 
 /*@-globs@*/
     if (mc == NULL) mc = rpmGlobalMacroContext;
@@ -263,6 +263,8 @@ findEntry(MacroContext mc, const char * name, size_t namelen)
 
 /*@-branchstate@*/
     if (namelen > 0) {
+	namebuf = alloca(namelen + 1);
+	memset(namebuf, 0, (namelen + 1));
 	strncpy(namebuf, name, namelen);
 	namebuf[namelen] = '\0';
 	name = namebuf;
author	Panu Matilainen <pmatilai@redhat.com>	2007-08-27 09:51:52 +0300
committer	Panu Matilainen <pmatilai@redhat.com>	2007-08-27 09:51:52 +0300
commit	ad7c8e98c9285fd100d0386e37ede8f2ba71f441 (patch)
tree	22c7add015e5f613521491890e325bc829766fff /rpmio/macro.c
parent	0e74bc98bed27e78b73d6ca1123c63aee4c6335a (diff)
download	rpm-ad7c8e98c9285fd100d0386e37ede8f2ba71f441.tar.gz rpm-ad7c8e98c9285fd100d0386e37ede8f2ba71f441.tar.bz2 rpm-ad7c8e98c9285fd100d0386e37ede8f2ba71f441.zip