1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed potentially buffer overrun.

Browse Source 
* win32/win32.c (winnt_stat): the return value of `get_final_path` is the
  expected buffer length, not the actuall filled length.

* win32/win32.c (winnt_stat): `finalname` may be accessed in the outer block of
  its definition via `path`.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57135 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
usa 2016-12-21 07:50:14 +00:00
parent c0ff5f4dd7
commit 5d6ace6121
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
win32/win32.c
View File

@ -5547,11 +5547,11 @@ static int
winnt_stat(const WCHAR *path, struct stati64 *st) winnt_stat(const WCHAR *path, struct stati64 *st)
{ {
HANDLE f; HANDLE f;
WCHAR finalname[PATH_MAX];
memset(st, 0, sizeof(*st)); memset(st, 0, sizeof(*st));
f = open_special(path, 0, 0); f = open_special(path, 0, 0);
if (f != INVALID_HANDLE_VALUE) { if (f != INVALID_HANDLE_VALUE) {
WCHAR finalname[PATH_MAX];
const DWORD attr = stati64_handle(f, st); const DWORD attr = stati64_handle(f, st);
const DWORD len = get_final_path(f, finalname, numberof(finalname), 0); const DWORD len = get_final_path(f, finalname, numberof(finalname), 0);
CloseHandle(f); CloseHandle(f);
@ -5560,7 +5560,7 @@ winnt_stat(const WCHAR *path, struct stati64 *st)
} }
st->st_mode = fileattr_to_unixmode(attr, path); st->st_mode = fileattr_to_unixmode(attr, path);
if (len) { if (len) {
finalname[len] = L'\0'; finalname[min(len, PATH_MAX-1)] = L'\0';
path = finalname; path = finalname;
if (wcsncmp(path, namespace_prefix, numberof(namespace_prefix)) == 0) if (wcsncmp(path, namespace_prefix, numberof(namespace_prefix)) == 0)
path += numberof(namespace_prefix); path += numberof(namespace_prefix);