author | Ben Boeckel <mathstuf@gmail.com> | 2015-10-17 11:58:44 -0400 |
---|---|---|
committer | Waldemar Brodkorb <wbx@uclibc-ng.org> | 2015-10-20 21:55:36 +0200 |
commit | 0074f6d29b2794ec9dbcb4a5e3c6e4defac220c2 (patch) | |
tree | e18a24e63e0b689bfb9b77c3744df3e51dd077c1 | |
parent | 312f482d395b591398296b5472a3884a12716cbd (diff) |

confdata: fix invalid write

strndup will copy *up to* the size parameter, not allocate a buffer of
that size, so the buffer is not necessarily large enough to fit the
".old" extension.

Caught with glibc's MALLOC_CHECK_=3.

Signed-off-by: Ben Boeckel <mathstuf@gmail.com>

-rw-r--r-- | extra/config/confdata.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/extra/config/confdata.c b/extra/config/confdata.c index 61c91c248..94c63c0e8 100644 --- a/extra/config/confdata.c +++ b/extra/config/confdata.c @@ -814,7 +814,8 @@ next: fclose(out); if (*tmpname) { - dirname = strndup(basename, strlen(basename) + 4); + dirname = malloc(strlen(basename) + 4 + 1); + strcpy(dirname, basename); strcat(dirname, ".old"); rename(newname, dirname); free(dirname); |
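
Review bot: the result of `malloc(strlen(basename) + 4 + 1)` is passed straight to `strcpy(dirname, basename)` with no NULL check, so an allocation failure here turns into a write through a NULL pointer rather than a handled error. Check the return value before the copy and skip or fail the backup rename when it is NULL. The size itself is right for basename plus ".old" plus the terminator, but `4 + 1` is a magic number tied to the string literal on the following `strcat` line; writing it as `strlen(basename) + sizeof(".old")` keeps the allocation and the suffix in sync if the suffix ever changes. The return value of `rename(newname, dirname)` in the context lines is also ignored, so a failed backup goes unnoticed.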