* win32/dir.h, win32/win32.c (rb_w32_opendir, rb_w32_readdir,

rb_w32_closedir): get rid of possible buffer-overflows. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-03-17 23:42:00 +00:00 · 2007-03-17 23:42:00 +00:00 · f3cde2b5fb
commit f3cde2b5fb
parent 966a25465a
4 changed files with 23 additions and 12 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Sun Mar 18 08:31:51 2007  NAKAMURA Usaku  <usa@ruby-lang.org>
+
+	* win32/dir.h, win32/win32.c (rb_w32_opendir, rb_w32_readdir,
+	  rb_w32_closedir): get rid of possible buffer-overflows.
+
 Sat Mar 17 19:10:39 2007  Kouhei Sutou  <kou@cozmixng.org>

 	* lib/rss, test/rss:
--- a/version.h
+++ b/version.h
@ -1,7 +1,7 @@
 #define RUBY_VERSION "1.9.0"
-#define RUBY_RELEASE_DATE "2007-03-17"
+#define RUBY_RELEASE_DATE "2007-03-18"
 #define RUBY_VERSION_CODE 190
-#define RUBY_RELEASE_CODE 20070317
+#define RUBY_RELEASE_CODE 20070318
 #define RUBY_PATCHLEVEL 0

 #define RUBY_VERSION_MAJOR 1
@ -9,7 +9,7 @@
 #define RUBY_VERSION_TEENY 0
 #define RUBY_RELEASE_YEAR 2007
 #define RUBY_RELEASE_MONTH 3
-#define RUBY_RELEASE_DAY 17
+#define RUBY_RELEASE_DAY 18

 RUBY_EXTERN const char ruby_version[];
 RUBY_EXTERN const char ruby_release_date[];
--- a/win32/dir.h
+++ b/win32/dir.h
@ -12,7 +12,7 @@ struct direct
 {
    long d_namlen;
    ino_t d_ino;
-    char d_name[256];
+    char *d_name;
    char d_isdir; /* directory */
    char d_isrep; /* reparse point */
 };
--- a/win32/win32.c
+++ b/win32/win32.c
@ -1409,8 +1409,7 @@ rb_w32_opendir(const char *filename)
    DIR               *p;
    long               len;
    long               idx;
-    char               scannamespc[PATHLEN];
-    char	      *scanname = scannamespc;
+    char	      *scanname;
    struct stati64     sbuf;
    WIN32_FIND_DATA fd;
    HANDLE          fh;
@ -1432,14 +1431,17 @@ rb_w32_opendir(const char *filename)
    // Get us a DIR structure
    //

-    p = xcalloc(sizeof(DIR), 1);
+    p = calloc(sizeof(DIR), 1);
    if (p == NULL)
 	return NULL;
    
    //
    // Create the search pattern
    //
-
+    if (!(scanname = malloc(strlen(filename) + 2 + 1))) {
+	free(p);
+	return NULL;
+    }
    strcpy(scanname, filename);

    if (index("/\\:", *CharPrev(scanname, scanname + strlen(scanname))) == NULL)
@ -1452,6 +1454,7 @@ rb_w32_opendir(const char *filename)
    //

    fh = FindFirstFile(scanname, &fd);
+    free(scanname);
    if (fh == INVALID_HANDLE_VALUE) {
 	errno = map_errno(GetLastError());
 	free(p);
@ -1553,9 +1556,10 @@ rb_w32_readdir(DIR *dirp)
 	//
 	// first set up the structure to return
 	//
-
-	strcpy(dirp->dirstr.d_name, dirp->curr);
 	dirp->dirstr.d_namlen = strlen(dirp->curr);
+	if (!(dirp->dirstr.d_name = malloc(dirp->dirstr.d_namlen + 1)))
+	    return NULL;
+	strcpy(dirp->dirstr.d_name, dirp->curr);

 	//
 	// Fake inode
@ -1622,6 +1626,8 @@ rb_w32_rewinddir(DIR *dirp)
 void
 rb_w32_closedir(DIR *dirp)
 {
+    if (dirp->dirstr.d_name)
+	free(dirp->dirstr.d_name);
    free(dirp->start);
    free(dirp->bits);
    free(dirp);