aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Andersen <andersen@codepoet.org>2001-05-04 20:47:33 +0000
committerEric Andersen <andersen@codepoet.org>2001-05-04 20:47:33 +0000
commit7526f035f4feea48d4c686a2c5c484c4175976f9 (patch)
tree7e7a5c8f8b620362138967edc83a20fda3e0a346
parente5ffb911e89f244c7edcfe197c71b4b5e5955310 (diff)
downloadbusybox-7526f035f4feea48d4c686a2c5c484c4175976f9.tar.gz
Fix a buffer overflow. Which accounted for the size of the path, plus the the
'/', plus the size of the test command. It did not account for the terminating NULL, which overwrote the end of the string. -Erik
-rw-r--r--findutils/which.c2
-rw-r--r--which.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/findutils/which.c b/findutils/which.c
index 1d7524465..08813c149 100644
--- a/findutils/which.c
+++ b/findutils/which.c
@@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
argv++;
found = 0;
for (i = 0; i < count; i++) {
- char buf[strlen(path_n)+1+strlen(*argv)];
+ char buf[strlen(path_n)+strlen(*argv)+2];
strcpy (buf, path_n);
strcat (buf, "/");
strcat (buf, *argv);
diff --git a/which.c b/which.c
index 1d7524465..08813c149 100644
--- a/which.c
+++ b/which.c
@@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
argv++;
found = 0;
for (i = 0; i < count; i++) {
- char buf[strlen(path_n)+1+strlen(*argv)];
+ char buf[strlen(path_n)+strlen(*argv)+2];
strcpy (buf, path_n);
strcat (buf, "/");
strcat (buf, *argv);