Avoid buffer overflow in dl_win32.c

This fixes the DynaLoader related part of bug 78710 http://rt.perl.org/rt3//Public/Bug/Display.html?id=78710
author: Jan Dubois <jand@activestate.com> 2010-11-01 17:25:58 -0700
committer: Jan Dubois <jand@activestate.com> 2010-11-01 17:26:37 -0700
commit: 0e244b13e1368816270fb8cd48d1237312a1e938 (patch)
tree: 285b58c1f3d40b4066ba24ef0fc49473a17059db
parent: 227aaa42ba4aa82332777bb2eee8d1fc74aba92e (diff)
download: perl-0e244b13e1368816270fb8cd48d1237312a1e938.tar.gz
2 files changed, 4 insertions, 0 deletions
diff --git a/ext/DynaLoader/dl_win32.xs b/ext/DynaLoader/dl_win32.xs
index 60ec703b92..94b3fe3e83 100644
--- a/ext/DynaLoader/dl_win32.xs
+++ b/ext/DynaLoader/dl_win32.xs
@@ -72,6 +72,10 @@ dl_static_linked(char *filename)
     static char subStr[] = "/auto/";
     char szBuffer[MAX_PATH];
 
+    /* avoid buffer overflow when called with invalid filenames */
+    if (strlen(filename) >= sizeof(szBuffer))
+        return 0;
+
     /* change all the '\\' to '/' */
     strcpy(szBuffer, filename);
     for(ptr = szBuffer; ptr = strchr(ptr, '\\'); ++ptr)
diff --git a/lib/overload/numbers.pm b/lib/overload/numbers.pm
index 599361e9d3..599361e9d3 100644..100755
--- a/lib/overload/numbers.pm
+++ b/lib/overload/numbers.pm
author	Jan Dubois <jand@activestate.com>	2010-11-01 17:25:58 -0700
committer	Jan Dubois <jand@activestate.com>	2010-11-01 17:26:37 -0700
commit	0e244b13e1368816270fb8cd48d1237312a1e938 (patch)
tree	285b58c1f3d40b4066ba24ef0fc49473a17059db
parent	227aaa42ba4aa82332777bb2eee8d1fc74aba92e (diff)
download	perl-0e244b13e1368816270fb8cd48d1237312a1e938.tar.gz