2004-03-01 Roland McGrath <roland@redhat.com>

	* strace.c (main): Avoid potential buffer overruns from ludicrous
	arguments or PATH values.
	* syscall.c (qual_signal): Bail out for too-long string.

diff --git a/syscall.c b/syscall.c
index 87f7a82920bef5da1fc8c09e0e0fb70b9bf76852..5c8a79e818f9559edfa3084fbabcc0a5d56b292f 100644 (file)
--- a/syscall.c
+++ b/syscall.c
@@ -302,6 +302,8 @@ qual_signal(s, opt, not)
                qualify_one(atoi(s), opt, not);
                return 1;
        }
+       if (strlen(s) >= sizeof buf)
+               return 0;
        strcpy(buf, s);
        s = buf;
        for (i = 0; s[i]; i++)