Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

PATH_MAX used dangerously -- do we care?

X-seq: zsh-workers 1552
From: "Bart Schaefer" <schaefer@xxxxxxxxxxxxxxxxxxxxxxx>
To: zsh-workers@xxxxxxxxxxxxxxx
Subject: PATH_MAX used dangerously -- do we care?
Date: Sun, 7 Jul 1996 09:34:01 -0700
Reply-to: schaefer@xxxxxxx

I can find at least half a dozen places where some form of user input is
sprintf'd or strcpy'd into a PATH_MAX-sized stack buffer or static buffer.
The most obvious one is in sourcehome() in init.c, where $ZDOTDIR plus a
slash and file name is sprintf'd into such a buffer.

In all cases I found, the string being placed in the buffer really is a
path name, so PATH_MAX is a reasonable limit upon it; so I don't suggest
switching to dynamic buffers, but shouldn't there be a bounds check?

-- 
Bart Schaefer                             Brass Lantern Enterprises
http://www.well.com/user/barts            http://www.nbn.com/people/lantern

New male in /home/schaefer:
>N  2 Justin William Schaefer  Sat May 11 03:43  53/4040  "Happy Birthday"

Follow-Ups:
- Re: PATH_MAX used dangerously -- do we care?
  - From: Zoltan Hidvegi

Messages sorted by: Reverse Date, Date, Thread, Author