Use strlc{at,py} for paranoia's sake and exit on overflow. In all

cases the strings were either pre-allocated to the correct size or
length checks were done before the copy but a little paranoia can
go a long way.
Todd C. Miller
2003-03-13 20:00:45 +00:00
parent a54c8e66fa
commit eebc763bd3
7 changed files with 72 additions and 44 deletions


@@ -343,10 +343,9 @@ command_matches(cmnd, cmnd_args, path, sudoers_args)
while ((dent = readdir(dirp)) != NULL) {
/* ignore paths > MAXPATHLEN (XXX - log) */
if (plen + NAMLEN(dent) >= sizeof(buf))
if (strlcpy(buf, path, sizeof(buf)) >= sizeof(buf) ||
strlcat(buf, dent->d_name, sizeof(buf)) >= sizeof(buf))
continue;
strcpy(buf, path);
strcat(buf, dent->d_name);
/* only stat if basenames are the same */
if (strcmp(cmnd_base, dent->d_name) != 0 || stat(buf, &pst) == -1)