diff options
author | dkf <donal.k.fellows@manchester.ac.uk> | 2010-08-19 10:04:14 (GMT) |
---|---|---|
committer | dkf <donal.k.fellows@manchester.ac.uk> | 2010-08-19 10:04:14 (GMT) |
commit | cf776b747dcba5470727998f2fc84633b2cc5d1c (patch) | |
tree | a11df836ebaaa80784e40b4abf91e1ffb48f5c7a | |
parent | 5ed9fe2cc9c49f4a4233682d08b2f7d1293cf279 (diff) | |
download | tcl-cf776b747dcba5470727998f2fc84633b2cc5d1c.zip tcl-cf776b747dcba5470727998f2fc84633b2cc5d1c.tar.gz tcl-cf776b747dcba5470727998f2fc84633b2cc5d1c.tar.bz2 |
* generic/tclTrace.c (TraceExecutionObjCmd, TraceCommandObjCmd)
(TraceVariableObjCmd): [Patch 3048354]: Use memcpy() instead of
strcpy() to avoid buffer overflow; we have the correct length of data
to copy anyway since we've just allocated the target buffer.
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | generic/tclTrace.c | 8 |
2 files changed, 11 insertions, 4 deletions
@@ -1,3 +1,10 @@ +2010-08-19 Donal K. Fellows <dkf@users.sf.net> + + * generic/tclTrace.c (TraceExecutionObjCmd, TraceCommandObjCmd) + (TraceVariableObjCmd): [Patch 3048354]: Use memcpy() instead of + strcpy() to avoid buffer overflow; we have the correct length of data + to copy anyway since we've just allocated the target buffer. + 2010-08-15 Donal K. Fellows <dkf@users.sf.net> * generic/tclProc.c (ProcWrongNumArgs): [Bug 3045010]: Make the diff --git a/generic/tclTrace.c b/generic/tclTrace.c index 346defc..1a6d60d 100644 --- a/generic/tclTrace.c +++ b/generic/tclTrace.c @@ -11,7 +11,7 @@ * See the file "license.terms" for information on usage and redistribution of * this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclTrace.c,v 1.47.2.2 2009/10/17 22:35:58 dkf Exp $ + * RCS: @(#) $Id: tclTrace.c,v 1.47.2.3 2010/08/19 10:04:15 dkf Exp $ */ #include "tclInt.h" @@ -466,7 +466,7 @@ TraceExecutionObjCmd( TCL_TRACE_LEAVE_DURING_EXEC)) { flags |= (TCL_TRACE_ENTER_EXEC | TCL_TRACE_LEAVE_EXEC); } - strcpy(tcmdPtr->command, command); + memcpy(tcmdPtr->command, command, length+1); name = Tcl_GetString(objv[3]); if (Tcl_TraceCommand(interp, name, flags, TraceCommandProc, (ClientData) tcmdPtr) != TCL_OK) { @@ -704,7 +704,7 @@ TraceCommandObjCmd( tcmdPtr->length = length; tcmdPtr->refCount = 1; flags |= TCL_TRACE_DELETE; - strcpy(tcmdPtr->command, command); + memcpy(tcmdPtr->command, command, length+1); name = Tcl_GetString(objv[3]); if (Tcl_TraceCommand(interp, name, flags, TraceCommandProc, (ClientData) tcmdPtr) != TCL_OK) { @@ -909,7 +909,7 @@ TraceVariableObjCmd( } ctvarPtr->traceCmdInfo.length = length; flags |= TCL_TRACE_UNSETS | TCL_TRACE_RESULT_OBJECT; - strcpy(ctvarPtr->traceCmdInfo.command, command); + memcpy(ctvarPtr->traceCmdInfo.command, command, length+1); ctvarPtr->traceInfo.traceProc = TraceVarProc; ctvarPtr->traceInfo.clientData = (ClientData) &ctvarPtr->traceCmdInfo; |