expand: Fix buffer overflow in expandmeta - dash - patched shell with cmake build

summary refs log tree commit diff

path: root/src/mkinit.c

diff options

author	Herbert Xu <herbert@gondor.apana.org.au>	2018-03-25 16:38:00 +0800
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-04-02 23:30:44 +0800
commit	0f3806dd899ace97d5909f195882697ef9dd1eaa (patch)
tree	2d61861bf874ce560afb4a1017c7c099209140dd /src/mkinit.c
parent	builtin: Move echo space/nl handling into print_escape_str (diff)
download	dash-0f3806dd899ace97d5909f195882697ef9dd1eaa.tar.gz dash-0f3806dd899ace97d5909f195882697ef9dd1eaa.zip

expand: Fix buffer overflow in expandmeta

The native version of expandmeta allocates a buffer that may be
overrun for two reasons.  First of all the size is 1 byte too small
but this is normally hidden because the minimum size is rounded
up to 2048 bytes.  Secondly, if the directory level is deep enough,
any buffer can be overrun.

This patch fixes both problems by calling realloc when necessary.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions

nfig.sh?id=ca98c9e7bf31617efc3ff7d3575efe5bba3cde1a&follow=1'>tests: skip tests if strace is not functionalChristian Hesse 2019-12-10git: update to v2.24.1Christian Hesse 2019-11-22ui-repolist: do not return unsigned (negative) valueChristian Hesse 2019-11-08git: update to v2.24.0Christian Hesse 2019-10-25git: update to v2.23.0Christian Hesse 2019-10-25git: update to v2.22.0Christian Hesse 2019-06-25ui-tree: allow per repository override for enable-blameChristian Hesse 2019-06-05tests: successfully validate rc versionsChristian Hesse 2019-06-05git: update to v2.21.0Christian Hesse 2019-06-05ui-ssdiff: ban strncat()Christian Hesse 2019-06-05global: make 'char *path' const where possibleChristian Hesse 2019-05-20ui-shared: restrict to 15 levelsJason A. Donenfeld 2019-02-23ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo 2019-02-23ui-ssdiff: resolve HTML5 validation errorsChris Mayo 2019-01-03filters: migrate from luacrypto to luaosslJason A. Donenfeld 2019-01-02ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld 2018-12-09git: update to v2.20.0Christian Hesse 2018-11-25ui-blame: set repo for sbJason A. Donenfeld 2018-11-25auth-filter: pass url with query string attachedJason A. Donenfeld 2018-11-21git: use xz compressed archive for downloadChristian Hesse 2018-10-12git: update to v2.19.1Christian Hesse 2018-09-11ui-ssdiff: ban strcat()Christian Hesse 2018-09-11ui-ssdiff: ban strncpy()Christian Hesse 2018-09-11ui-shared: ban strcat()Christian Hesse 2018-09-11ui-patch: ban sprintf()Christian Hesse 2018-09-11ui-log: ban strncpy()Christian Hesse 2018-09-11ui-log: ban strcpy()Christian Hesse 2018-09-11parsing: ban sprintf()Christian Hesse 2018-09-11parsing: ban strncpy()Christian Hesse 2018-08-28filters: generate anchor links from markdownChristian Hesse 2018-08-03Bump version.Jason A. Donenfeld 2018-08-03clone: fix directory traversalJason A. Donenfeld 2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev