summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Boeckel <mathstuf@gmail.com>2015-10-17 11:58:44 -0400
committerWaldemar Brodkorb <wbx@uclibc-ng.org>2015-10-20 21:55:36 +0200
commit0074f6d29b2794ec9dbcb4a5e3c6e4defac220c2 (patch)
treee18a24e63e0b689bfb9b77c3744df3e51dd077c1
parent312f482d395b591398296b5472a3884a12716cbd (diff)
confdata: fix invalid write
stndup will copy *up to* the size parameter, not allocate a buffer of that size, so the buffer is not necessarily large enough to fit the ".old" extension. Caught with glibc's MALLOC_CHECK_=3. Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
-rw-r--r--extra/config/confdata.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/extra/config/confdata.c b/extra/config/confdata.c
index 61c91c248..94c63c0e8 100644
--- a/extra/config/confdata.c
+++ b/extra/config/confdata.c
@@ -814,7 +814,8 @@ next:
fclose(out);
if (*tmpname) {
- dirname = strndup(basename, strlen(basename) + 4);
+ dirname = malloc(strlen(basename) + 4 + 1);
+ strcpy(dirname, basename);
strcat(dirname, ".old");
rename(newname, dirname);
free(dirname);