mirror of git://git.code.sf.net/p/zsh/code
42607, CVE-2018-1100: check bounds on buffer in mail checking
parent
4044d73706
commit
31f7220563
|
@ -1,5 +1,8 @@
|
|||
2018-04-07 Oliver Kiddle <okiddle@yahoo.co.uk>
|
||||
|
||||
* 42607, CVE-2018-1100: Src/utils.c: check bounds on buffer
|
||||
in mail checking
|
||||
|
||||
* 42600: Src/Zle/computil.c: error paths for _values leaked
|
||||
the exclusion list array
|
||||
|
||||
|
|
|
@ -1653,7 +1653,7 @@ checkmailpath(char **s)
|
|||
LinkList l;
|
||||
DIR *lock = opendir(unmeta(*s));
|
||||
char buf[PATH_MAX * 2 + 1], **arr, **ap;
|
||||
int ct = 1;
|
||||
int buflen, ct = 1;
|
||||
|
||||
if (lock) {
|
||||
char *fn;
|
||||
|
@ -1662,9 +1662,11 @@ checkmailpath(char **s)
|
|||
l = newlinklist();
|
||||
while ((fn = zreaddir(lock, 1)) && !errflag) {
|
||||
if (u)
|
||||
sprintf(buf, "%s/%s?%s", *s, fn, u);
|
||||
buflen = snprintf(buf, sizeof(buf), "%s/%s?%s", *s, fn, u);
|
||||
else
|
||||
sprintf(buf, "%s/%s", *s, fn);
|
||||
buflen = snprintf(buf, sizeof(buf), "%s/%s", *s, fn);
|
||||
if (buflen < 0 || buflen >= (int)sizeof(buf))
|
||||
continue;
|
||||
addlinknode(l, dupstring(buf));
|
||||
ct++;
|
||||
}
|
||||
|
|
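Review bot: In the `while` loop, the new `if (buflen < 0 || buflen >= (int)sizeof(buf)) continue;` drops an over-long entry silently, so a mail file whose path plus `?` message does not fit in `buf` stops being checked with no indication why. At minimum the reason deserves a comment above the check, e.g. `/* entry would not fit in buf: skip it rather than store a truncated path */`. Since the result is copied with `dupstring(buf)` anyway, building the string on the heap would remove the `PATH_MAX * 2 + 1` limit altogether. That is a larger change and would need checking against how the list is consumed later in checkmailpath, whose body starts and ends outside this hunk.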