
PATCH: PATH_MAX safety



Daniel S was worried that in many (but not all) of the places where
arrays are created with the length PATH_MAX no account is taken of the
possibility that the terminating null byte might take the length over that.

The simplest way to make this safe seems to be to ensure we always allow
for that extra byte.

Before you write fulminating letters to the papers about this, the point
here is not to ensure everything is sized just right, it's to be
transparently clear that things aren't sized wrong.  So in some cases
it's already not actually possible to use the last byte.

pws

diff --git a/Src/Zle/compctl.c b/Src/Zle/compctl.c
index 09e5905..52c6f12 100644
--- a/Src/Zle/compctl.c
+++ b/Src/Zle/compctl.c
@@ -2135,7 +2135,7 @@ gen_matches_files(int dirs, int execs, int all)
 {
     DIR *d;
     struct stat buf;
-    char *n, p[PATH_MAX], *q = NULL, *e, *pathpref;
+    char *n, p[PATH_MAX+1], *q = NULL, *e, *pathpref;
     LinkList l = NULL;
     int ns = 0, ng = opts[NULLGLOB], test, aw = addwhat, pathpreflen;
 
diff --git a/Src/builtin.c b/Src/builtin.c
index 6969719..d3c6285 100644
--- a/Src/builtin.c
+++ b/Src/builtin.c
@@ -973,7 +973,7 @@ cd_do_chdir(char *cnam, char *dest, int hard)
      * Normalize path under Cygwin to avoid messing with
      * DOS style names with drives in them
      */
-    static char buf[PATH_MAX];
+    static char buf[PATH_MAX+1];
 #ifdef HAVE_CYGWIN_CONV_PATH
     cygwin_conv_path(CCP_WIN_A_TO_POSIX | CCP_RELATIVE, dest, buf,
 		     PATH_MAX);
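Review bot: The result of `cygwin_conv_path()` is discarded in the lines shown here, and `buf` is static, so a failed conversion (for instance a result that does not fit in the `PATH_MAX` bytes passed) would leave whatever an earlier call stored in it. Unless the code after the hunk already handles this, the return value should be tested before `buf` is used, e.g. `if (cygwin_conv_path(CCP_WIN_A_TO_POSIX | CCP_RELATIVE, dest, buf, PATH_MAX) != 0)` followed by the function's normal error path. Passing `PATH_MAX` rather than the new array size is consistent with the patch's aim of keeping one byte spare. The rest of cd_do_chdir lies outside the hunk.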
diff --git a/Src/compat.c b/Src/compat.c
index 9041c0b..81afd4d 100644
--- a/Src/compat.c
+++ b/Src/compat.c
@@ -270,7 +270,7 @@ zgetdir(struct dirsav *d)
     int len;
 #endif
 
-    buf = zhalloc(bufsiz = PATH_MAX);
+    buf = zhalloc(bufsiz = PATH_MAX+1);
     pos = bufsiz - 1;
     buf[pos] = '\0';
     strcpy(nbuf, "../");
@@ -439,11 +439,11 @@ zgetcwd(void)
 	    free(cwd);
 	}
 #else
-	char *cwdbuf = zalloc(PATH_MAX);
+	char *cwdbuf = zalloc(PATH_MAX+1);
 	ret = getcwd(cwdbuf, PATH_MAX);
 	if (ret)
 	    ret = dupstring(ret);
-	zfree(cwdbuf, PATH_MAX);
+	zfree(cwdbuf, PATH_MAX+1);
 #endif /* GETCWD_CALLS_MALLOC */
     }
 #endif /* HAVE_GETCWD */
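Review bot: In the non-malloc branch of zgetcwd the size `PATH_MAX+1` is now written out separately for `zalloc()` and `zfree()`, and the patch itself shows the two have to be changed together. A single local such as `size_t cwdbufsz = PATH_MAX+1;` used for both calls would keep them from drifting apart on a later edit. `getcwd(cwdbuf, PATH_MAX)` still passes the smaller length, which is safe; a short comment like `/* one spare byte beyond what getcwd may write */` would stop a later reader from "correcting" it. The function begins above the hunk.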
diff --git a/Src/exec.c b/Src/exec.c
index a01a633..f20321f 100644
--- a/Src/exec.c
+++ b/Src/exec.c
@@ -437,7 +437,7 @@ static int
 zexecve(char *pth, char **argv, char **newenvp)
 {
     int eno;
-    static char buf[PATH_MAX * 2];
+    static char buf[PATH_MAX * 2+1];
     char **eep;
 
     unmetafy(pth, NULL);
@@ -620,7 +620,7 @@ static void
 execute(LinkList args, int flags, int defpath)
 {
     Cmdnam cn;
-    char buf[MAXCMDLEN], buf2[MAXCMDLEN];
+    char buf[MAXCMDLEN+1], buf2[MAXCMDLEN+1];
     char *s, *z, *arg0;
     char **argv, **pp, **newenvp = NULL;
     int eno = 0, ee;
@@ -701,7 +701,7 @@ execute(LinkList args, int flags, int defpath)
 
     /* for command -p, search the default path */
     if (defpath) {
-	char pbuf[PATH_MAX];
+	char pbuf[PATH_MAX+1];
 	char *dptr;
 
 	if (!search_defpath(arg0, pbuf, PATH_MAX)) {
@@ -721,7 +721,7 @@ execute(LinkList args, int flags, int defpath)
     } else {
 
 	if ((cn = (Cmdnam) cmdnamtab->getnode(cmdnamtab, arg0))) {
-	    char nn[PATH_MAX], *dptr;
+	    char nn[PATH_MAX+1], *dptr;
 
 	    if (cn->node.flags & HASHED)
 		strcpy(nn, cn->u.cmd);
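Review bot: `strcpy(nn, cn->u.cmd)` on the last line of this hunk is still an unbounded copy into the fixed-size `nn`; the extra byte only helps if `cn->u.cmd` is never longer than PATH_MAX, and nothing in the visible lines establishes that. The findcmd hunk that follows has the same copy into its own `nn`. If entries are length-checked when they are added to the command table, a comment at both sites saying so would make the sizing as transparent as the patch intends; otherwise the copy should be guarded with something like `if (strlen(cn->u.cmd) > PATH_MAX)` leading to the function's existing failure handling. Both functions continue outside their hunks.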
@@ -815,7 +815,7 @@ findcmd(char *arg0, int docopy, int default_path)
 	    break;
 	}
     if (cn) {
-	char nn[PATH_MAX];
+	char nn[PATH_MAX+1];
 
 	if (cn->node.flags & HASHED)
 	    strcpy(nn, cn->u.cmd);
@@ -896,7 +896,7 @@ mod_export Cmdnam
 hashcmd(char *arg0, char **pp)
 {
     Cmdnam cn;
-    char *s, buf[PATH_MAX];
+    char *s, buf[PATH_MAX+1];
     char **pq;
 
     for (; *pp; pp++)
@@ -5593,7 +5593,7 @@ runshfunc(Eprog prog, FuncWrap wrap, char *name)
 Eprog
 getfpfunc(char *s, int *ksh, char **fname)
 {
-    char **pp, buf[PATH_MAX];
+    char **pp, buf[PATH_MAX+1];
     off_t len;
     off_t rlen;
     char *d;
@@ -5723,7 +5723,7 @@ cancd(char *s)
     char *t;
 
     if (*s != '/') {
-	char sbuf[PATH_MAX], **cp;
+	char sbuf[PATH_MAX+1], **cp;
 
 	if (cancd2(s))
 	    return s;
diff --git a/Src/glob.c b/Src/glob.c
index 50f6dce..33bf2ae 100644
--- a/Src/glob.c
+++ b/Src/glob.c
@@ -283,7 +283,7 @@ addpath(char *s, int l)
 static int
 statfullpath(const char *s, struct stat *st, int l)
 {
-    char buf[PATH_MAX];
+    char buf[PATH_MAX+1];
 
     DPUTS(strlen(s) + !*s + pathpos - pathbufcwd >= PATH_MAX,
 	  "BUG: statfullpath(): pathname too long");
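Review bot: The only length check visible in statfullpath is the `DPUTS(...)` call, which reads like a debug-build diagnostic; if DPUTS expands to nothing in ordinary builds, an over-long `s` is reported nowhere and the code that fills `buf` relies on the callers alone. A runtime check with the same condition, e.g. `if (strlen(s) + !*s + pathpos - pathbufcwd >= PATH_MAX) { errno = ENAMETOOLONG; return -1; }`, would make the bound hold regardless of build type (the `-1` return is assumed from the stat-like signature and should be confirmed against callers). The writes to `buf` are below the hunk.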
@@ -779,7 +779,7 @@ parsepat(char *str)
 
     /* Now there is no (#X) in front, we can check the path. */
     if (!pathbuf)
-	pathbuf = zalloc(pathbufsz = PATH_MAX);
+	pathbuf = zalloc(pathbufsz = PATH_MAX+1);
     DPUTS(pathbufcwd, "BUG: glob changed directory");
     if (*str == '/') {		/* pattern has absolute path */
 	str++;
diff --git a/Src/hist.c b/Src/hist.c
index eebd7dc..5be7d25 100644
--- a/Src/hist.c
+++ b/Src/hist.c
@@ -1843,7 +1843,7 @@ chrealpath(char **junkptr)
 # ifdef REALPATH_ACCEPTS_NULL
     char *lastpos, *nonreal, *real;
 # else
-    char *lastpos, *nonreal, pathbuf[PATH_MAX];
+    char *lastpos, *nonreal, pathbuf[PATH_MAX+1];
     char *real = pathbuf;
 # endif
 #endif
diff --git a/Src/utils.c b/Src/utils.c
index 151e9e4..7bbd588 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -845,7 +845,7 @@ ispwd(char *s)
     return 0;
 }
 
-static char xbuf[PATH_MAX*2];
+static char xbuf[PATH_MAX*2+1];
 
 /**/
 static char **
@@ -884,7 +884,7 @@ static int
 xsymlinks(char *s, int full)
 {
     char **pp, **opp;
-    char xbuf2[PATH_MAX*3], xbuf3[PATH_MAX*2];
+    char xbuf2[PATH_MAX*3+1], xbuf3[PATH_MAX*2+1];
     int t0, ret = 0;
     zulong xbuflen = strlen(xbuf);
 
@@ -1003,7 +1003,7 @@ print_if_link(char *s, int all)
 	*xbuf = '\0';
 	if (all) {
 	    char *start = s + 1;
-	    char xbuflink[PATH_MAX];
+	    char xbuflink[PATH_MAX+1];
 	    for (;;) {
 		if (xsymlinks(start, 0) > 0) {
 		    printf(" -> ");
@@ -1140,7 +1140,7 @@ finddir(char *s)
 	if(homenode.diff==1)
 	    homenode.diff = 0;
 	if(!finddir_full)
-	    finddir_full = zalloc(ffsz = PATH_MAX);
+	    finddir_full = zalloc(ffsz = PATH_MAX+1);
 	finddir_full[0] = 0;
 	return finddir_last = NULL;
     }
@@ -1644,7 +1644,7 @@ checkmailpath(char **s)
 	} else if (S_ISDIR(st.st_mode)) {
 	    LinkList l;
 	    DIR *lock = opendir(unmeta(*s));
-	    char buf[PATH_MAX * 2], **arr, **ap;
+	    char buf[PATH_MAX * 2 + 1], **arr, **ap;
 	    int ct = 1;
 
 	    if (lock) {
@@ -6916,7 +6916,7 @@ strsfx(char *s, char *t)
 static int
 upchdir(int n)
 {
-    char buf[PATH_MAX];
+    char buf[PATH_MAX+1];
     char *s;
     int err = -1;
 


