On Wed, Feb 27, 2008 at 12:04:15PM -0700, Myles Watson wrote:

The changes are all in util/lar/lib.c use MAX_PATHLEN instead of defining a new MAX_PATH do the math before any string operations and fail if the new name will be larger than MAX_PATHLEN use strcpy and strcat since we know it's safe.

Myles

Signed-off-by: Myles Watson mylesgw@gmail.com

Hey - nice one!

Acked-by: Peter Stuge peter@stuge.se

Index: util/lar/lib.c

--- util/lar/lib.c (revision 622) +++ util/lar/lib.c (working copy) @@ -32,8 +32,6 @@ #include "lar.h" #include "lib.h"

-#define MAX_PATH 1024

static struct file *files = NULL;

/** @@ -193,21 +191,30 @@ fprintf(stderr, "Could not enter directory %s\n", name); } else { while (n--) {

• 	char fullname[MAX_PATH];
  

• 	char fullname[MAX_PATHLEN+1];
  

• 	int len = 0;
  
  

• 	fullname[0] = '\0';
  

• if (strncmp("..", namelist[n]->d_name, 3) &&
      strncmp(".", namelist[n]->d_name, 2)) {
  
  

• 		strncpy(fullname, name, MAX_PATH);
  

• 		len = strlen(name);
  

• 		len += (name[len-1]=='/'?1:0);
  

• 		len += strlen(namelist[n]->d_name);
  
  

• 		if (len > MAX_PATHLEN) {
  

• 			fprintf(stderr,
  

• 				"%s: %s+%s exceeds MAX_PATHLEN.\n",
  

• 				__FUNCTION__,name,
  

• 				namelist[n]->d_name);
  

• 			return -1;
  

• 		}
  

• 		strcpy(fullname, name);
  	if (name[(strlen(name)) - 1] != '/') {
  

• 			strncat(fullname, "/", MAX_PATH);
  

• 			strcat(fullname, "/");
  	}
  
  

• 		strncat(fullname, namelist[n]->d_name,
  

• 			MAX_PATH);
  

• 		strcat(fullname, namelist[n]->d_name);
  
  	add_files(fullname);
  }