876987c960
For non-propolice systems this might be exploitable when the user-provided data (e.g. certain filenames) or the locale files are manipulated. Mostly-found-by: xfocus, see [xfocus-SD-051202] on VulnWatch. Some additional cases are handled which have the same impact. Bump revision.
16 lines
546 B
Text
16 lines
546 B
Text
$NetBSD: patch-bk,v 1.1 2006/01/07 21:08:12 joerg Exp $
|
|
|
|
--- clients/uil/UilSrcSrc.c.orig 2006-01-06 20:50:23.000000000 +0100
|
|
+++ clients/uil/UilSrcSrc.c
|
|
@@ -629,8 +629,10 @@ open_source_file( XmConst char
|
|
char buffer[256];
|
|
|
|
|
|
- /* place the file name in the expanded_name buffer */
|
|
+ if (strlen(c_file_name) >= sizeof(buffer + 1))
|
|
+ return src_k_open_error;
|
|
|
|
+ /* place the file name in the expanded_name buffer */
|
|
strcpy(buffer, c_file_name);
|
|
|
|
/* Determine if this is the main file or an include file. */
|