Use strlc{at,py} for paranoia's sake and exit on overflow. In all

cases the strings were either pre-allocated to the correct size or
length checks were done before the copy but a little paranoia can
go a long way.
Todd C. Miller
2003-03-13 20:00:45 +00:00
parent a54c8e66fa
commit eebc763bd3
7 changed files with 72 additions and 44 deletions


@@ -82,6 +82,7 @@ find_path(infile, outfile, path)
char *origpath; /* so we can free path later */
char *result = NULL; /* result of path/file lookup */
int checkdot = 0; /* check current dir? */
int len; /* length parameter */
if (strlen(infile) >= MAXPATHLEN) {
(void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
@@ -93,7 +94,7 @@ find_path(infile, outfile, path)
* there is no need to look at $PATH.
*/
if (strchr(infile, '/')) {
(void) strcpy(command, infile);
strlcpy(command, infile, sizeof(command)); /* paranoia */
if (sudo_goodpath(command)) {
*outfile = command;
return(FOUND);
@@ -128,11 +129,11 @@ find_path(infile, outfile, path)
/*
* Resolve the path and exit the loop if found.
*/
if (strlen(path) + strlen(infile) + 1 >= MAXPATHLEN) {
len = snprintf(command, sizeof(command), "%s/%s", path, infile);
if (len <= 0 || len >= sizeof(command)) {
(void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
exit(1);
}
(void) sprintf(command, "%s/%s", path, infile);
if ((result = sudo_goodpath(command)))
break;
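Review bot: The strlcpy() call in the second hunk ignores its return value, so a truncated copy would be handed to sudo_goodpath() silently, whereas the snprintf() call in the third hunk exits on overflow as the commit message promises. The earlier `strlen(infile) >= MAXPATHLEN` test only rules this out if `command` is at least MAXPATHLEN bytes; its declaration is outside the visible hunks, so that is presumed rather than shown. Checking the result keeps the two paths consistent: `if (strlcpy(command, infile, sizeof(command)) >= sizeof(command))` followed by the same "path too long" message and `exit(1)`. In the third hunk, `len >= sizeof(command)` compares an int with a size_t; it is safe only because `len <= 0` is tested first, and `(size_t)len >= sizeof(command)` would state that explicitly. find_path's body starts and ends outside these hunks.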