summaryrefslogtreecommitdiff
path: root/rpmio/macro.c
diff options
context:
space:
mode:
authorPanu Matilainen <pmatilai@redhat.com>2007-08-27 11:01:39 +0300
committerPanu Matilainen <pmatilai@redhat.com>2007-08-27 11:01:39 +0300
commitde9061b214a3b32aeb7ed5bd6374db0674fba578 (patch)
tree6ff67b5251ed8e04e600bc3945c3df60f882fd3b /rpmio/macro.c
parent8347d40b040b163c3ed92de7accafddb53e10d27 (diff)
downloadlibrpm-tizen-de9061b214a3b32aeb7ed5bd6374db0674fba578.tar.gz
librpm-tizen-de9061b214a3b32aeb7ed5bd6374db0674fba578.tar.bz2
librpm-tizen-de9061b214a3b32aeb7ed5bd6374db0674fba578.zip
Fix monday morning thinkos wrt macro buffer changes.
The expanded size is of course not known beforehand.. check for size before copying instead.
Diffstat (limited to 'rpmio/macro.c')
-rw-r--r--rpmio/macro.c26
1 files changed, 16 insertions, 10 deletions
diff --git a/rpmio/macro.c b/rpmio/macro.c
index b5363ef00..4f9be0700 100644
--- a/rpmio/macro.c
+++ b/rpmio/macro.c
@@ -599,13 +599,15 @@ doShellEscape(MacroBuf mb, const char * cmd, size_t clen)
/*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
/*@modifies mb, rpmGlobalMacroContext, fileSystem @*/
{
- char *pcmd;
+ char pcmd[BUFSIZ];
FILE *shf;
int rc;
int c;
- pcmd = alloca(clen + 1);
- memset(pcmd, 0, (clen + 1));
+ if (clen >= sizeof(pcmd)) {
+ rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n"));
+ return 1;
+ }
strncpy(pcmd, cmd, clen);
pcmd[clen] = '\0';
@@ -1082,11 +1084,12 @@ doOutput(MacroBuf mb, int waserror, const char * msg, size_t msglen)
/*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/
/*@modifies mb, rpmGlobalMacroContext, fileSystem @*/
{
- char *buf;
-
- buf = alloca(msglen + 1);
- memset(buf, 0, (msglen + 1));
+ char buf[BUFSIZ];
+ if (msglen >= sizeof(buf)) {
+ rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n"));
+ msglen = sizeof(buf) - 1;
+ }
strncpy(buf, msg, msglen);
buf[msglen] = '\0';
(void) expandU(mb, buf, sizeof(buf));
@@ -1111,12 +1114,15 @@ doFoo(MacroBuf mb, int negate, const char * f, size_t fn,
/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
/*@modifies mb, rpmGlobalMacroContext, fileSystem, internalState @*/
{
- char *buf, *b = NULL, *be;
+ char buf[BUFSIZ], *b = NULL, *be;
int c;
- buf = alloca(gn + 1);
- memset(buf, 0, gn + 1);
+ buf[0] = '\0';
if (g != NULL) {
+ if (gn >= sizeof(buf)) {
+ rpmError(RPMERR_BADSPEC, _("Target buffer overflow\n"));
+ gn = sizeof(buf) - 1;
+ }
strncpy(buf, g, gn);
buf[gn] = '\0';
(void) expandU(mb, buf, sizeof(buf));