Zsh Mailing List Archive

Re: PATH_MAX used dangerously -- do we care?



> I can find at least half a dozen places where some form of user input is
> sprintf'd or strcpy'd into a PATH_MAX-sized stack buffer or static buffer.
> The most obvious one is in sourcehome() in init.c, where $ZDOTDIR plus a
> slash and file name is sprintf'd into such a buffer.
> 
> In all cases I found, the string being placed in the buffer really is a
> path name, so PATH_MAX is a reasonable limit upon it; so I don't suggest
> switching to dynamic buffers, but shouldn't there be a bounds check?

Yes there should be.  If you know the places where it should be fixed, send
in that list or send a patch which fixes that.  There can be two solutions:
we can silently truncate the string or we may give some error message and
refuse to do anything with the string.  The latter is probably more correct
behaviour.  Perhaps the behaviour of other shells can be examined before
the decision.

Zoltan
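
The second option discussed in this message (report an error and refuse the string rather than silently truncating) is sketched below as an added example; it is not part of the original post and is not zsh's code. The helper name `join_path`, the sample directories and the oversized `$ZDOTDIR` value are assumptions constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* fallback for platforms that do not define it */
#endif

/* Hypothetical helper (not zsh's sourcehome()): write dir + "/" + name into
 * buf, which holds bufsz bytes. Returns 0 on success. If the result would
 * not fit, returns -1 with errno = ENAMETOOLONG and leaves buf empty, so a
 * silently truncated path can never be opened or sourced by mistake. */
int join_path(char *buf, size_t bufsz, const char *dir, const char *name)
{
    int n;

    if (bufsz == 0) {
        errno = EINVAL;
        return -1;
    }
    /* snprintf returns the length the full string needs, excluding the
     * terminating NUL, so n >= bufsz means the output was truncated. */
    n = snprintf(buf, bufsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= bufsz) {
        buf[0] = '\0';
        if (n >= 0)
            errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[PATH_MAX];
    char longdir[PATH_MAX + 64];   /* constructed oversized $ZDOTDIR value */

    memset(longdir, 'a', sizeof longdir - 1);
    longdir[sizeof longdir - 1] = '\0';

    if (join_path(buf, sizeof buf, "/home/user", ".zshrc") == 0)
        printf("ok: %s\n", buf);
    if (join_path(buf, sizeof buf, longdir, ".zshrc") != 0)
        fprintf(stderr, "refused: %s\n", strerror(errno));
    return 0;
}
```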



