From: David Levine
Date: Sat, 13 Oct 2012 14:56:08 +0000 (-0500)
Subject: Removed potential buffer overflow in ali.c by replacing array of
X-Git-Url: http://git.marmaro.de/?a=commitdiff_plain;h=df215b409be636447d5ae80dc20eace0a6ada1b8;p=mmh
Removed potential buffer overflow in ali.c by replacing array of hard-coded maximum size with dynamically-sized array.
---
diff --git a/uip/ali.c b/uip/ali.c
index 61ab6b2..e9a63fd 100644
--- a/uip/ali.c
+++ b/uip/ali.c
@@ -13,11 +13,6 @@
 #include
 #include
-/*
- * maximum number of names
- */
-#define NVEC 50
-
 static struct swit switches[] = {
 #define ALIASW 0
 { "alias aliasfile", 0 },
@@ -59,7 +54,9 @@ main (int argc, char **argv)
 int i, vecp = 0, inverted = 0, list = 0;
 int noalias = 0, normalize = AD_NHST;
 char *cp, **ap, **argp, buf[BUFSIZ];
- char *vec[NVEC], **arguments;
+ /* Really only need to allocate for argc-1, but must allocate at least 1,
+ so go ahead and allocate for argc char pointers. */
+ char **vec = mh_xmalloc (argc * sizeof (char *)), **arguments;
 struct aka *ak;
 #ifdef LOCALE
@@ -124,7 +121,14 @@ main (int argc, char **argv)
 continue;
 }
 }
- vec[vecp++] = cp;
+
+ if (vecp < argc) {
+ vec[vecp++] = cp;
+ } else {
+ /* Should never happen, but try to protect against code changes
+ that could allow it. */
+ adios (NULL, "too many arguments");
+ }
 }
 if (!noalias) {
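Review bot: The capacity of `vec` is spelled as the bare expression `argc` in the allocation of the @@ -59 hunk and again in the `vecp < argc` check of the @@ -124 hunk, so the two can drift apart if either is edited later. A named capacity such as `size_t veccap = argc > 0 ? (size_t) argc : 1;`, used for both `mh_xmalloc (veccap * sizeof *vec)` and `if ((size_t) vecp < veccap)`, would keep the bound and the check tied together. It would also cover a process started with an empty argv, where `argc` is 0 and the comment's "at least 1" no longer holds; how mh_xmalloc treats a zero-byte request is not visible on this page. main's body starts and ends outside the hunk.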
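Review bot: The "Should never happen" comment in the new `else` branch of the @@ -124 hunk assumes that every name stored in `vec` comes from one command-line argument, but the surrounding loop and the construction of `arguments` are outside the hunk. If that list can hold more entries than the command line supplied (for example defaults merged in from a profile), a legitimate invocation would end in `adios (NULL, "too many arguments")`. Sizing `vec` from the actual length of `arguments` would remove the assumption; failing that, state it in the comment, e.g. `/* vec has argc slots; arguments must not hold more names than that */`. The bounds check itself is what prevents the out-of-bounds write and should stay either way.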
@@ -151,23 +155,22 @@ main (int argc, char **argv)
 for (i = 0; i < vecp; i++)
 print_usr (vec[i], list, normalize);
-
- done (0);
- }
-
- if (vecp) {
- /* print specified aliases */
- for (i = 0; i < vecp; i++)
- print_aka (akvalue (vec[i]), list, 0);
 } else {
- /* print them all */
- for (ak = akahead; ak; ak = ak->ak_next) {
- printf ("%s: ", ak->ak_name);
- pos += strlen (ak->ak_name) + 1;
- print_aka (akresult (ak), list, pos);
+ if (vecp) {
+ /* print specified aliases */
+ for (i = 0; i < vecp; i++)
+ print_aka (akvalue (vec[i]), list, 0);
+ } else {
+ /* print them all */
+ for (ak = akahead; ak; ak = ak->ak_next) {
+ printf ("%s: ", ak->ak_name);
+ pos += strlen (ak->ak_name) + 1;
+ print_aka (akresult (ak), list, pos);
+ }
 }
 }
+ free (vec);
 done (0);
 return 1;
 }
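Review bot: Wrapping the alias printing as `} else { if (vecp) { ... } else { ... } }` adds an indentation level that a flat `} else if (vecp) {` chain would avoid, and the flat form still falls through to the single `free (vec); done (0);` exit this hunk introduces. It would also keep the "print them all" loop at its original depth, so the diff would touch fewer lines. The `if` that this `else` belongs to opens outside the hunk.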