    Kill strcat and strcpy usage in VIN_n_Arg · 3a1fd9bb
    Dridi Boukelmoune authored
    If an absolute path is provided as n_arg with a length of exactly
    PATH_MAX-1 then the combination of strcpy and strcat for the trailing
    slash '/' overflows dn by one byte, writing its new null-terminating
    character '\0' right after dn's upper bound.
    
    By using a fixed-length VSB we can simply ensure that we stay within
    bounds at a reasonable cost. Guarding VSB operations should silence
    Flexelint as a nice side effect.
    
    VIN_n_Arg is not exposed outside of the source tree, and both callers
    today provide a valid dir argument, so we can now make it part of the
    contract with an assertion, simplifying the strdup error handling.