diff options
author | Tony Cook <tony@develop-help.com> | 2017-07-27 10:12:02 +1000 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2017-09-10 12:49:04 +0100 |
commit | 8586647e338e8eb42c00fe6f687105c9b8a36d44 (patch) | |
tree | 1990b47fba528541d0bd68f478e2ccf1922d304b /win32/perlhost.h | |
parent | 2be4edede4ae226e2eebd4eff28cedd2041f300f (diff) | |
download | perl-8586647e338e8eb42c00fe6f687105c9b8a36d44.tar.gz |
(perl #131665) avoid a buffer overflow in a buffer we didn't need
since Lookup() treats its argument as NUL or '=' terminated.
Previously environment variable names longer than the size of the
buffer would result in a buffer overflow.
Diffstat (limited to 'win32/perlhost.h')
-rw-r--r-- | win32/perlhost.h | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/win32/perlhost.h b/win32/perlhost.h index 84b08c9b90..3260f62a02 100644 --- a/win32/perlhost.h +++ b/win32/perlhost.h @@ -2177,17 +2177,11 @@ compare(const void *arg1, const void *arg2) void CPerlHost::Add(LPCSTR lpStr) { - char szBuffer[1024]; LPSTR *lpPtr; - int index, length = strlen(lpStr)+1; - - for(index = 0; lpStr[index] != '\0' && lpStr[index] != '='; ++index) - szBuffer[index] = lpStr[index]; - - szBuffer[index] = '\0'; + STRLEN length = strlen(lpStr)+1; // replacing ? - lpPtr = Lookup(szBuffer); + lpPtr = Lookup(lpStr); if (lpPtr != NULL) { // must allocate things via host memory allocation functions // rather than perl's Renew() et al, as the perl interpreter |