1 files changed, 8 insertions, 4 deletions

diff --git a/parse.c b/parse.c
index 43fce089b..862b18f2d 100644
--- a/parse.c
+++ b/parse.c
@@ -211,13 +211,15 @@ int command_matches(cmnd, user_args, path, sudoers_args)
     struct stat pst;
     DIR *dirp;
     struct dirent *dent;
-    char buf[MAXPATHLEN+1];
+    char buf[MAXPATHLEN];
     static char *c;
 
     /* don't bother with pseudo commands like "validate" */
     if (strchr(cmnd, '/') == NULL)
 	return(FALSE);
 
+    plen = strlen(path);
+
     /* only need to stat cmnd once since it never changes */
     if (cmnd_st.st_dev == 0) {
 	if (stat(cmnd, &cmnd_st) < 0)
@@ -249,7 +251,6 @@ int command_matches(cmnd, user_args, path, sudoers_args)
 	else
 	    return(FALSE);
     } else {
-	plen = strlen(path);
 	if (path[plen - 1] != '/') {
 #ifdef FAST_MATCH
 	    char *p;
@@ -291,6 +292,9 @@ int command_matches(cmnd, user_args, path, sudoers_args)
 	    return(FALSE);
 
 	while ((dent = readdir(dirp)) != NULL) {
+	    /* ignore paths > MAXPATHLEN (XXX - log) */
+	    if (plen + strlen(dent->d_name) >= sizeof(buf))
+		continue;
 	    strcpy(buf, path);
 	    strcat(buf, dent->d_name);
 #ifdef FAST_MATCH
@@ -404,13 +408,13 @@ int netgr_matches(netgr, host, user)
 #ifdef HAVE_GETDOMAINNAME
     /* get the domain name (if any) */
     if (domain == (char *) -1) {
-	if ((domain = (char *) malloc(MAXHOSTNAMELEN + 1)) == NULL) {
+	if ((domain = (char *) malloc(MAXHOSTNAMELEN)) == NULL) {
 	    perror("malloc");
 	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
 	    exit(1);
 	}
 
-	if (getdomainname(domain, MAXHOSTNAMELEN + 1) != 0 || *domain == '\0') {
+	if (getdomainname(domain, MAXHOSTNAMELEN) != 0 || *domain == '\0') {
 	    (void) free(domain);
 	    domain = NULL;
 	}