vm-file-editor: fix potential buffer overflow
If we're being sent something without a zero byte, we could happily read off the end of the buffer. Interestingly, the write part was checking for the max bound.
This commit is contained in:
parent
c9a25b8915
commit
11b8f9be20
@ -28,11 +28,12 @@ char *get_filename()
|
|||||||
int i;
|
int i;
|
||||||
if (!read_all(0, buf, sizeof(buf)))
|
if (!read_all(0, buf, sizeof(buf)))
|
||||||
exit(1);
|
exit(1);
|
||||||
|
buf[DVM_FILENAME_SIZE-1] = 0;
|
||||||
if (index(buf, '/')) {
|
if (index(buf, '/')) {
|
||||||
fprintf(stderr, "filename contains /");
|
fprintf(stderr, "filename contains /");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
for (i=0; i < DVM_FILENAME_SIZE && buf[i]!=0; i++) {
|
for (i=0; buf[i]!=0; i++) {
|
||||||
// replace some characters with _ (eg mimeopen have problems with some of them)
|
// replace some characters with _ (eg mimeopen have problems with some of them)
|
||||||
if (index(" !?\"#$%^&*()[]<>;`~", buf[i]))
|
if (index(" !?\"#$%^&*()[]<>;`~", buf[i]))
|
||||||
buf[i]='_';
|
buf[i]='_';
|
||||||
|
Loading…
Reference in New Issue
Block a user