Fixed buffer overflow when supplying a path longer than PATH_MAX (patch by Tobias Stoeckmann)

git-svn-id: svn://blicky.net/ncdu/trunk@28 ce56bc8d-f834-0410-b703-f827bd498a76
2007-11-01 19:40:30 +00:00 · 2007-11-01 19:40:30 +00:00 · 8a71f8860c
--- a/src/calc.c
+++ b/src/calc.c
@ -60,6 +60,8 @@ char *rpath(const char *from, char *to) {
      strcpy(tmp, cwd);
    else
      tmp[0] = 0;
+    if(strlen(cur) + 2 > PATH_MAX - strlen(tmp))
+      return(NULL);
    strcat(tmp, "/");
    strcat(tmp, cur);
  } else
@ -357,6 +359,7 @@ struct dir *showCalc(char *path) {
  *lasterr = '\0';
  anpos = 0;
  lastupdate = 999;
+  memset(tmp, 0, PATH_MAX);

 /* init parent dir */
  if(rpath(path, tmp) == NULL || lstat(tmp, &fs) != 0 || !S_ISDIR(fs.st_mode)) {
--- a/src/main.c
+++ b/src/main.c
@ -87,7 +87,10 @@ void parseCli(int argc, char **argv) {
            exit(1);
        }
    } else {
-      strcpy(sdir, argv[i]);
+      sdir[PATH_MAX - 1] = 0;
+      strncpy(sdir, argv[i], PATH_MAX);
+      if(sdir[PATH_MAX - 1] != 0)
+        sdir[0] = 0;
    }
  }
  if(s_export && !sdir[0]) {