author | Jan Dubois <jand@activestate.com> | 2004-04-13 12:49:32 -0700 |
---|---|---|
committer | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2004-04-14 07:08:52 +0000 |
commit | 1928965c335b0bc2a3df245c2070b6e4b7bfad99 (patch) | |
tree | 7f2467db68febf3951484d43bf220d1dd7f61068 /win32 | |
parent | e56793ddb44055658f0603b2dc04ed5e70136bd8 (diff) | |
download | perl-1928965c335b0bc2a3df245c2070b6e4b7bfad99.tar.gz |
re: [PATCH] for bug 28525: Buffer overflow issue in the Win32 distribution of 5.8.3
Message-ID: <vm7p70h7au8unrnq4jp85oich7n71ar5ab@4ax.com
p4raw-id: //depot/perl@22691
Diffstat (limited to 'win32')
-rw-r--r-- | win32/win32.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/win32/win32.c b/win32/win32.c index b36a7b7e46..e18dec78d2 100644 --- a/win32/win32.c +++ b/win32/win32.c @@ -3736,7 +3736,10 @@ qualified_path(const char *cmd) /* look in PATH */ pathstr = PerlEnv_getenv("PATH"); - New(0, fullcmd, MAX_PATH+1, char); + + /* worst case: PATH is a single directory; we need additional space + * to append "/", ".exe" and trailing "\0" */ + New(0, fullcmd, (pathstr ? strlen(pathstr) : 0) + cmdlen + 6, char); curfullcmd = fullcmd; while (1) { @@ -3777,17 +3780,13 @@ qualified_path(const char *cmd) if (*pathstr == '"') { /* foo;"baz;etc";bar */ pathstr++; /* skip initial '"' */ while (*pathstr && *pathstr != '"') { - if ((STRLEN)(curfullcmd-fullcmd) < MAX_PATH-cmdlen-5) - *curfullcmd++ = *pathstr; - pathstr++; + *curfullcmd++ = *pathstr++; } if (*pathstr) pathstr++; /* skip trailing '"' */ } else { - if ((STRLEN)(curfullcmd-fullcmd) < MAX_PATH-cmdlen-5) - *curfullcmd++ = *pathstr; - pathstr++; + *curfullcmd++ = *pathstr++; } } if (*pathstr) |
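Review bot: The literal `6` in the new `New(0, fullcmd, ...)` size is tied to the suffixes it pays for only by the comment above it, so a later change to the appended separator or extension could silently undersize the buffer. Deriving it from the strings keeps the same value (one separator plus ".exe" with its NUL) and makes the bound self-describing: `New(0, fullcmd, (pathstr ? strlen(pathstr) : 0) + cmdlen + 1 + sizeof(".exe"), char);`. This matters more now that the per-byte checks are dropped in the second hunk, leaving this allocation as the only guard against writing past `fullcmd`. The code that appends the command name and extension is outside the hunk, so confirm against the full function that nothing else is appended.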
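Review bot: Both copy statements `*curfullcmd++ = *pathstr++;` in the second hunk now write with no local bound, and nothing at this site says why that is safe. The safety rests on `fullcmd` having been sized from `strlen(pathstr)` in the first hunk and on `pathstr` still walking that same string. A comment before the inner `while` would record the invariant for the next maintainer: `/* no bounds check: fullcmd was sized from strlen(PATH) + cmdlen + 6 above */`. The enclosing loop and the rest of `qualified_path` lie outside the hunk, so it is worth confirming that `pathstr` is not reassigned between the allocation and these copies.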