-
Dridi Boukelmoune authoredIf an absolute path is provided as n_arg with a length of exactly PATH_MAX-1 then the combination of strcpy and strcat for the trailing slash '/' overflows dn by one byte, writing its new null-terminating character '\0' right after dn's upper bound. By using a fixed-length VSB we can simply ensure that we stay within bounds at a reasonable cost. Guarding VSB operations should silence Flexelint as a nice side effect. VIN_n_Arg is not exposed outside of the source tree, and both callers today provide a valid dir argument, so we can now make it part of the contract with an assertion, simplifying the strdup error handling.
3a1fd9bb
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| libvarnish | ||
| libvarnishapi | ||
| libvcc | ||
| libvgz | ||
| libvmod_blob | ||
| libvmod_debug | ||
| libvmod_directors | ||
| libvmod_proxy | ||
| libvmod_purge | ||
| libvmod_std | ||
| libvmod_unix | ||
| libvmod_vtc | ||
| Makefile.am | ||
| flint.lnt |