diff options
| author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-03-17 23:42:00 +0000 |
|---|---|---|
| committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-03-17 23:42:00 +0000 |
| commit | f3cde2b5fbd1c936c297a248c4d277339db687ff (patch) | |
| tree | adc0b03463ff11b0531fcdc30d437bd672020706 /win32 | |
| parent | 966a25465aab5c2972e6c453f631a15fc2223256 (diff) | |
| download | ruby-f3cde2b5fbd1c936c297a248c4d277339db687ff.tar.gz | |
* win32/dir.h, win32/win32.c (rb_w32_opendir, rb_w32_readdir,
rb_w32_closedir): get rid of possible buffer-overflows.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'win32')
| -rw-r--r-- | win32/dir.h | 2 | ||||
| -rw-r--r-- | win32/win32.c | 22 |
2 files changed, 15 insertions, 9 deletions
diff --git a/win32/dir.h b/win32/dir.h index f970745fdf..a0c7fa86c6 100644 --- a/win32/dir.h +++ b/win32/dir.h @@ -12,7 +12,7 @@ struct direct { long d_namlen; ino_t d_ino; - char d_name[256]; + char *d_name; char d_isdir; /* directory */ char d_isrep; /* reparse point */ }; diff --git a/win32/win32.c b/win32/win32.c index 496268705c..a6f3495542 100644 --- a/win32/win32.c +++ b/win32/win32.c @@ -1084,7 +1084,7 @@ cmdglob(NtCmdLineElement *patt, NtCmdLineElement **tail) if (patt->len >= MAXPATHLEN) if (!(buf = malloc(patt->len + 1))) return 0; - strncpy (buf, patt->str, patt->len); + strncpy(buf, patt->str, patt->len); buf[patt->len] = '\0'; for (p = buf; *p; p = CharNext(p)) if (*p == '\\') @@ -1373,7 +1373,7 @@ rb_w32_cmdvector(const char *cmd, char ***vec) ptr = buffer + (elements+1) * sizeof(char *); while (curr = cmdhead) { - strncpy (ptr, curr->str, curr->len); + strncpy(ptr, curr->str, curr->len); ptr[curr->len] = '\0'; *vptr++ = ptr; ptr += curr->len + 1; @@ -1409,8 +1409,7 @@ rb_w32_opendir(const char *filename) DIR *p; long len; long idx; - char scannamespc[PATHLEN]; - char *scanname = scannamespc; + char *scanname; struct stati64 sbuf; WIN32_FIND_DATA fd; HANDLE fh; @@ -1432,14 +1431,17 @@ rb_w32_opendir(const char *filename) // Get us a DIR structure // - p = xcalloc(sizeof(DIR), 1); + p = calloc(sizeof(DIR), 1); if (p == NULL) return NULL; // // Create the search pattern // - + if (!(scanname = malloc(strlen(filename) + 2 + 1))) { + free(p); + return NULL; + } strcpy(scanname, filename); if (index("/\\:", *CharPrev(scanname, scanname + strlen(scanname))) == NULL) @@ -1452,6 +1454,7 @@ rb_w32_opendir(const char *filename) // fh = FindFirstFile(scanname, &fd); + free(scanname); if (fh == INVALID_HANDLE_VALUE) { errno = map_errno(GetLastError()); free(p); @@ -1553,9 +1556,10 @@ rb_w32_readdir(DIR *dirp) // // first set up the structure to return // - - strcpy(dirp->dirstr.d_name, dirp->curr); dirp->dirstr.d_namlen = strlen(dirp->curr); + if (!(dirp->dirstr.d_name = malloc(dirp->dirstr.d_namlen + 1))) + return NULL; + strcpy(dirp->dirstr.d_name, dirp->curr); // // Fake inode @@ -1622,6 +1626,8 @@ rb_w32_rewinddir(DIR *dirp) void rb_w32_closedir(DIR *dirp) { + if (dirp->dirstr.d_name) + free(dirp->dirstr.d_name); free(dirp->start); free(dirp->bits); free(dirp); |