From: Roland McGrath <roland@redhat.com>
Date: Tue, 2 Mar 2004 06:50:04 +0000 (+0000)
Subject: 2004-03-01  Roland McGrath  <roland@redhat.com>
X-Git-Tag: v4.5.18~614
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bdb09df1866b8c50317011938bb963aa9d694cd6;p=strace

2004-03-01  Roland McGrath  <roland@redhat.com>

	* strace.c (main): Avoid potential buffer overruns from ludicrous
	arguments or PATH values.
---

diff --git a/strace.c b/strace.c
index 3f42b3c3..23d72c8d 100644
--- a/strace.c
+++ b/strace.c
@@ -417,8 +417,14 @@ char *argv[];
 		char pathname[MAXPATHLEN];
 
 		filename = argv[optind];
-		if (strchr(filename, '/'))
+		if (strchr(filename, '/')) {
+			if (strlen(filename) > sizeof pathname - 1) {
+				errno = ENAMETOOLONG;
+				perror("strace: exec");
+				exit(1);
+			}
 			strcpy(pathname, filename);
+		}
 #ifdef USE_DEBUGGING_EXEC
 		/*
 		 * Debuggers customarily check the current directory
@@ -443,6 +449,8 @@ char *argv[];
 					getcwd(pathname, MAXPATHLEN);
 					len = strlen(pathname);
 				}
+				else if (n > sizeof pathname - 1)
+					continue;
 				else {
 					strncpy(pathname, path, n);
 					len = n;