Skip to content

Commit

Permalink
alternatives: fix possible buffer overrun
Browse files Browse the repository at this point in the history 
We allocated a buffer for a string and then we use the same buffer
for a completely different string.
  • Loading branch information
@lnykryn @jamacku
lnykryn authored and jamacku committed Aug 1, 2023
1 parent 6cf7e81 commit 82faf12
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions alternatives.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,7 @@ char *parseLine(char **buf) {
static int readConfig(struct alternativeSet *set, const char *title,
const char *altDir, const char *stateDir, int flags) {
char *path;
char *leader_path;
int fd;
int i;
struct stat sb;
Expand Down Expand Up @@ -448,9 +449,10 @@ static int readConfig(struct alternativeSet *set, const char *title,
}
}

sprintf(path, "%s/%s", altDir, set->alts[0].leader.title);
leader_path = alloca(strlen(altDir) + strlen(set->alts[0].leader.title) + 2);
sprintf(leader_path, "%s/%s", altDir, set->alts[0].leader.title);

if (((i = readlink(path, linkBuf, sizeof(linkBuf) - 1)) < 0)) {
if (((i = readlink(leader_path, linkBuf, sizeof(linkBuf) - 1)) < 0)) {
fprintf(stderr, _("failed to read link %s: %s\n"),
set->alts[0].leader.facility, strerror(errno));
return 2;
Expand Down

0 comments on commit 82faf12

Please sign in to comment.