diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2007-08-27 11:01:39 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2007-08-27 11:01:39 +0300 |
commit | de9061b214a3b32aeb7ed5bd6374db0674fba578 (patch) | |
tree | 6ff67b5251ed8e04e600bc3945c3df60f882fd3b /rpmio/macro.c | |
parent | 8347d40b040b163c3ed92de7accafddb53e10d27 (diff) | |
download | librpm-tizen-de9061b214a3b32aeb7ed5bd6374db0674fba578.tar.gz librpm-tizen-de9061b214a3b32aeb7ed5bd6374db0674fba578.tar.bz2 librpm-tizen-de9061b214a3b32aeb7ed5bd6374db0674fba578.zip |
Fix monday morning thinkos wrt macro buffer changes.
The expanded size is of course not known beforehand.. check for size
before copying instead.
Diffstat (limited to 'rpmio/macro.c')
-rw-r--r-- | rpmio/macro.c | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/rpmio/macro.c b/rpmio/macro.c index b5363ef00..4f9be0700 100644 --- a/rpmio/macro.c +++ b/rpmio/macro.c @@ -599,13 +599,15 @@ doShellEscape(MacroBuf mb, const char * cmd, size_t clen) /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ /*@modifies mb, rpmGlobalMacroContext, fileSystem @*/ { - char *pcmd; + char pcmd[BUFSIZ]; FILE *shf; int rc; int c; - pcmd = alloca(clen + 1); - memset(pcmd, 0, (clen + 1)); + if (clen >= sizeof(pcmd)) { + rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n")); + return 1; + } strncpy(pcmd, cmd, clen); pcmd[clen] = '\0'; @@ -1082,11 +1084,12 @@ doOutput(MacroBuf mb, int waserror, const char * msg, size_t msglen) /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ /*@modifies mb, rpmGlobalMacroContext, fileSystem @*/ { - char *buf; - - buf = alloca(msglen + 1); - memset(buf, 0, (msglen + 1)); + char buf[BUFSIZ]; + if (msglen >= sizeof(buf)) { + rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n")); + msglen = sizeof(buf) - 1; + } strncpy(buf, msg, msglen); buf[msglen] = '\0'; (void) expandU(mb, buf, sizeof(buf)); @@ -1111,12 +1114,15 @@ doFoo(MacroBuf mb, int negate, const char * f, size_t fn, /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ /*@modifies mb, rpmGlobalMacroContext, fileSystem, internalState @*/ { - char *buf, *b = NULL, *be; + char buf[BUFSIZ], *b = NULL, *be; int c; - buf = alloca(gn + 1); - memset(buf, 0, gn + 1); + buf[0] = '\0'; if (g != NULL) { + if (gn >= sizeof(buf)) { + rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n")); + gn = sizeof(buf) - 1; + } strncpy(buf, g, gn); buf[gn] = '\0'; (void) expandU(mb, buf, sizeof(buf)); |