From d0278ec97ffd252094cf56ea00e40b3c6f442a7a Mon Sep 17 00:00:00 2001 From: Andrew MacIntyre Date: Sun, 12 Dec 2004 08:28:11 +0000 Subject: OS/2 specific fixes related to SF bug # 1003471 --- PC/os2emx/getpathp.c | 13 ++++++++++++- PC/os2vacpp/getpathp.c | 11 +++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/PC/os2emx/getpathp.c b/PC/os2emx/getpathp.c index 4a4c893..7bfd19e 100644 --- a/PC/os2emx/getpathp.c +++ b/PC/os2emx/getpathp.c @@ -132,7 +132,16 @@ ismodule(char *filename) return 0; } -/* guarantees buffer will never overflow MAXPATHLEN+1 bytes */ +/* Add a path component, by appending stuff to buffer. + buffer must have at least MAXPATHLEN + 1 bytes allocated, and contain a + NUL-terminated string with no more than MAXPATHLEN characters (not counting + the trailing NUL). It's a fatal error if it contains a string longer than + that (callers must be careful!). If these requirements are met, it's + guaranteed that buffer will still be a NUL-terminated string with no more + than MAXPATHLEN characters at exit. If stuff is too long, only as much of + stuff as fits will be appended. +*/ + static void join(char *buffer, char *stuff) { @@ -144,6 +153,8 @@ join(char *buffer, char *stuff) if (n > 0 && !is_sep(buffer[n-1]) && n < MAXPATHLEN) buffer[n++] = SEP; } + if (n > MAXPATHLEN) + Py_FatalError("buffer overflow in getpathp.c's joinpath()"); k = strlen(stuff); if (n + k > MAXPATHLEN) k = MAXPATHLEN - n; diff --git a/PC/os2vacpp/getpathp.c b/PC/os2vacpp/getpathp.c index 5860e75..607f2a1 100644 --- a/PC/os2vacpp/getpathp.c +++ b/PC/os2vacpp/getpathp.c @@ -83,6 +83,15 @@ exists(char *filename) } +/* Add a path component, by appending stuff to buffer. + buffer must have at least MAXPATHLEN + 1 bytes allocated, and contain a + NUL-terminated string with no more than MAXPATHLEN characters (not counting + the trailing NUL). It's a fatal error if it contains a string longer than + that (callers must be careful!). If these requirements are met, it's + guaranteed that buffer will still be a NUL-terminated string with no more + than MAXPATHLEN characters at exit. If stuff is too long, only as much of + stuff as fits will be appended. +*/ static void join(char *buffer, char *stuff) { @@ -94,6 +103,8 @@ join(char *buffer, char *stuff) if (n > 0 && !is_sep(buffer[n-1]) && n < MAXPATHLEN) buffer[n++] = SEP; } + if (n > MAXPATHLEN) + Py_FatalError("buffer overflow in getpathp.c's joinpath()"); k = strlen(stuff); if (n + k > MAXPATHLEN) k = MAXPATHLEN - n; -- cgit v0.12