aboutsummaryrefslogtreecommitdiffstats
path: root/win32
diff options
context:
space:
mode:
authorusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-12-21 07:50:14 +0000
committerusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-12-21 07:50:14 +0000
commit7d9707a0f41cc377a841a811e5bc52c71c58651c (patch)
tree5c7d2f940f738458fd0520d44bcb3af76c3ce69c /win32
parent5739d3c743a4c76ffb15a459b2466da3ec35061e (diff)
downloadruby-7d9707a0f41cc377a841a811e5bc52c71c58651c.tar.gz
Fixed potentially buffer overrun.
* win32/win32.c (winnt_stat): the return value of `get_final_path` is the expected buffer length, not the actuall filled length. * win32/win32.c (winnt_stat): `finalname` may be accessed in the outer block of its definition via `path`. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57135 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'win32')
-rw-r--r--win32/win32.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/win32/win32.c b/win32/win32.c
index 17dce8d016..decf81846d 100644
--- a/win32/win32.c
+++ b/win32/win32.c
@@ -5547,11 +5547,11 @@ static int
winnt_stat(const WCHAR *path, struct stati64 *st)
{
HANDLE f;
+ WCHAR finalname[PATH_MAX];
memset(st, 0, sizeof(*st));
f = open_special(path, 0, 0);
if (f != INVALID_HANDLE_VALUE) {
- WCHAR finalname[PATH_MAX];
const DWORD attr = stati64_handle(f, st);
const DWORD len = get_final_path(f, finalname, numberof(finalname), 0);
CloseHandle(f);
@@ -5560,7 +5560,7 @@ winnt_stat(const WCHAR *path, struct stati64 *st)
}
st->st_mode = fileattr_to_unixmode(attr, path);
if (len) {
- finalname[len] = L'\0';
+ finalname[min(len, PATH_MAX-1)] = L'\0';
path = finalname;
if (wcsncmp(path, namespace_prefix, numberof(namespace_prefix)) == 0)
path += numberof(namespace_prefix);