rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
HBSD: Fix buffer overflow
Shawn Webb committed 1 year ago
commit b275360159d2e9d83a873fb3a985667a38eed68d
parent 76191f7
1 file changed +6 -1
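--- a/libpkg/pkg_add.c
+++ b/libpkg/pkg_add.c
@@ -78,6 +78,11 @@ merge_with_external_tool(const char *merge_tool, struct pkg_config_file *lcf,
 	int status;
 	FILE *inout[2];
 
+	if (strlen(merge_tool) >= MAXPATHLEN) {
+		pkg_emit_error("External merge path %s is invalid", merge_tool);
+		return MERGE_FAILED;
+	}
+
 	char *tmpdir = getenv("TMPDIR");
 	if (tmpdir == NULL)
 		tmpdir = "/tmp";
@@ -138,7 +143,7 @@ merge_with_external_tool(const char *merge_tool, struct pkg_config_file *lcf,
 	}
 
 	char command[MAXPATHLEN];
-	for (int i = 0; *merge_tool != '\0'; i++, merge_tool++) {
+	for (int i = 0; i < sizeof(command) - 1 && *merge_tool != '\0'; i++, merge_tool++) {
 		if (*merge_tool != '%') {
 			command[i] = *merge_tool;
 			continue;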
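Review bot: The new loop bound `i < sizeof(command) - 1` stops the out-of-bounds write but turns an over-long expansion into a silently truncated `command`, and nothing visible in this hunk rejects that case before the string is used. The up-front `strlen(merge_tool) >= MAXPATHLEN` check bounds only the template, while the `%` placeholders handled further down the loop (outside this hunk) presumably expand to file paths, so the expanded result can still reach the limit. I would fail closed after the loop, e.g. `if (*merge_tool != '\0') { pkg_emit_error("External merge command is too long"); return MERGE_FAILED; }`, releasing whatever was set up between the two hunks first, and confirm that the placeholder writes are themselves limited to `sizeof(command) - i` and that `command` ends up NUL-terminated. The comparison also mixes `int i` with a `size_t`; declaring `i` as `size_t` would avoid the signed/unsigned conversion.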