[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
HOME="" out of boundary access
From: |
Tobias Stoeckmann |
Subject: |
HOME="" out of boundary access |
Date: |
Sun, 21 Jun 2015 12:27:39 +0200 |
If environment variable HOME is set but empty, the check for a trailing
slash would lead to an out of boundary access.
--- which-2.21/which.c~ 2015-06-21 11:53:10.569495520 +0200
+++ which-2.21/which.c 2015-06-21 11:56:55.298057365 +0200
@@ -515,7 +515,7 @@
strncpy(home, h, sizeof(home));
home[sizeof(home) - 1] = 0;
homelen = strlen(home);
- if (home[homelen - 1] != '/' && homelen < sizeof(home) - 1)
+ if (homelen == 0 || home[homelen - 1] != '/' && homelen < sizeof(home) - 1)
{
strcat(home, "/");
++homelen;
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- HOME="" out of boundary access,
Tobias Stoeckmann <=