path: root/net/cftp/patches/patch-ab
$NetBSD: patch-ab,v 1.1 2008/04/13 12:20:18 dillo Exp $

Fix for local buffer overflow, from cftp mercurial repository (r574).

--- readrc.c	Wed Jul 04 18:18:41 2007 +0200
+++ readrc.c	Sun Apr 13 14:10:51 2008 +0200
@@ -57,7 +55,7 @@ readrc(char **userp, char **passp, char 
     char b[8192], *p, *tok, *q, *home;
     char *user, *pass, *host, *port, *wdir;
 
-    if ((home=getenv("HOME")) == NULL)
+    if ((home=getenv("HOME")) == NULL || strlen(home) > sizeof(b)-9)
 	home = "";
     sprintf(b, "%s/.cftprc", home);
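Review bot: The new length guard on the `getenv("HOME")` line protects the following `sprintf` only through the magic number 9 (the eight bytes of `/.cftprc` plus the NUL), so a later change to the filename literal would silently reintroduce the overflow of `b`. Bounding the write itself is sturdier: with an `int n`, use `n = snprintf(b, sizeof(b), "%s/.cftprc", home);` and treat `n < 0 || (size_t)n >= sizeof(b)` as "no rc file". An overlong HOME also now takes the same fallback as an unset one, `home = ""`, which makes the path `/.cftprc`; the parameter names (`userp`, `passp`) suggest the file supplies login values, so skipping the rc file would be safer than reading one from the root directory. The body of readrc continues outside the hunk, so how it handles a missing file is not visible here.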