From 7526f035f4feea48d4c686a2c5c484c4175976f9 Mon Sep 17 00:00:00 2001
From: Eric Andersen <andersen@codepoet.org>
Date: Fri, 4 May 2001 20:47:33 +0000
Subject: Fix a buffer overflow.  Which accounted for the size of the path,
 plus the the '/', plus the size of the test command.  It did not account for
 the terminating NULL, which overwrote the end of the string.  -Erik

---
 findutils/which.c | 2 +-
 which.c           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/findutils/which.c b/findutils/which.c
index 1d7524465..08813c149 100644
--- a/findutils/which.c
+++ b/findutils/which.c
@@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
 		argv++;
 		found = 0;
 		for (i = 0; i < count; i++) {
-			char buf[strlen(path_n)+1+strlen(*argv)];
+			char buf[strlen(path_n)+strlen(*argv)+2];
 			strcpy (buf, path_n);
 			strcat (buf, "/");
 			strcat (buf, *argv);
diff --git a/which.c b/which.c
index 1d7524465..08813c149 100644
--- a/which.c
+++ b/which.c
@@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
 		argv++;
 		found = 0;
 		for (i = 0; i < count; i++) {
-			char buf[strlen(path_n)+1+strlen(*argv)];
+			char buf[strlen(path_n)+strlen(*argv)+2];
 			strcpy (buf, path_n);
 			strcat (buf, "/");
 			strcat (buf, *argv);
-- 
cgit v1.2.3