ALT Linux repos
Group :: Shells
RPM: tcsh
Navigation
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: tcsh-6.20.00-owl-strnxxx.diff
Download
Download
diff -burN tcsh-6.20.00.orig/ma.setp.c tcsh-6.20.00/ma.setp.c
--- tcsh-6.20.00.orig/ma.setp.c 2007-11-20 23:03:51.000000000 +0300
+++ tcsh-6.20.00/ma.setp.c 2017-07-20 12:21:40.440176574 +0300
@@ -107,7 +107,7 @@
char *suffix;
char *defalt;
} syspath[] = {- "PATH", "/bin", ":/usr/ucb:/bin:/usr/bin",
+ "PATH", "/bin", ":/bin:/usr/bin:/sbin:/usr/sbin",
"CPATH", "/include", ":/usr/include",
"LPATH", "/lib", ":/lib:/usr/lib",
"MPATH", "/man", ":/usr/man",
@@ -354,10 +354,15 @@
*new = '\0';
if (localsyspath != NULL) {*new = ':';
- (void) strcpy(new + 1, localsyspath);
- (void) strcat(new, pe->psuf);
+ /*
+ limit all elements to 1/2 of MAXPATHLEN aka PATH_MAX
+ this reduces the risk, but doesn't eliminate it: the
+ use of fixed-size buffer must be totally eliminated
+ */
+ (void) strncpy(new + 1, localsyspath, MAXPATHLEN>>1);
+ (void) strncat(new, pe->psuf, MAXPATHLEN>>1);
}
- (void) strcat(new, pe->pdef);
+ (void) strncat(new, pe->pdef, MAXPATHLEN>>1);
for (n = 0; n < pe->pdirs; n++) {if (pe->pdir[n] == NULL)
continue;
@@ -397,8 +402,8 @@
new = localsyspath;
else {new = newbuf;
- (void) strcpy(new, localsyspath);
- (void) strcat(new, pe->psuf);
+ (void) strncpy(new, localsyspath, MAXPATHLEN>>1);
+ (void) strncat(new, pe->psuf, MAXPATHLEN>>1);
}
n = locate(pe, new);
if (n >= 0)
@@ -458,8 +463,8 @@
if (sflag) { /* add suffix */new = newbuf;
- (void) strcpy(new, key);
- (void) strcat(new, pe->psuf);
+ (void) strncpy(new, key, MAXPATHLEN>>1);
+ (void) strncat(new, pe->psuf, MAXPATHLEN>>1);
} else
new = key;
new = strsave(new);
@@ -560,8 +565,8 @@
if (sflag) { /* append suffix */new = newbuf;
- (void) strcpy(new, key);
- (void) strcat(new, pe->psuf);
+ (void) strncpy(new, key, MAXPATHLEN>>1);
+ (void) strncat(new, pe->psuf, MAXPATHLEN>>1);
} else
new = key;
new = strsave(new);
@@ -582,8 +587,8 @@
if (sflag) {realkey = keybuf;
- (void) strcpy(realkey, key);
- (void) strcat(realkey, pe->psuf);
+ (void) strncpy(realkey, key, MAXPATHLEN>>1);
+ (void) strncat(realkey, pe->psuf, MAXPATHLEN>>1);
} else
realkey = key;
for (i = 0; i < pe->pdirs; i++)