16 lines
528 B
Plaintext
16 lines
528 B
Plaintext
$NetBSD: patch-ab,v 1.1 2008/04/13 12:20:18 dillo Exp $
|
|
|
|
Fix for local buffer overflow, from cftp mercurial repository (r574).
|
|
|
|
--- readrc.c Wed Jul 04 18:18:41 2007 +0200
|
|
+++ readrc.c Sun Apr 13 14:10:51 2008 +0200
|
|
@@ -57,7 +55,7 @@ readrc(char **userp, char **passp, char
|
|
char b[8192], *p, *tok, *q, *home;
|
|
char *user, *pass, *host, *port, *wdir;
|
|
|
|
- if ((home=getenv("HOME")) == NULL)
|
|
+ if ((home=getenv("HOME")) == NULL || strlen(home) > sizeof(b)-9)
|
|
home = "";
|
|
sprintf(b, "%s/.cftprc", home);
|
|
|