merge revision(s) 57135,57136: [Backport #13058]

Fixed potentially buffer overrun. * win32/win32.c (winnt_stat): the return value of `get_final_path` is the expected buffer length, not the actuall filled length. * win32/win32.c (winnt_stat): `finalname` may be accessed in the outer block of its definition via `path`. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@57351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-01-16 19:51:56 +0000
committer: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-01-16 19:51:56 +0000
commit: 565b6da190bd4d0f470c27a909dbd5e865f2fe75 (patch)
tree: 61629ce4be4987daa2a281109bc1550919e77a07
parent: aa983c4ccb9db02b47d4f4a470a12111644518f4 (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/version.h b/version.h
index bdef6a33a5..294985cd56 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.3.3"
 #define RUBY_RELEASE_DATE "2017-01-17"
-#define RUBY_PATCHLEVEL 235
+#define RUBY_PATCHLEVEL 236
 
 #define RUBY_RELEASE_YEAR 2017
 #define RUBY_RELEASE_MONTH 1
diff --git a/win32/win32.c b/win32/win32.c
index 9960ddc6ce..39ba1c6cee 100644
--- a/win32/win32.c
+++ b/win32/win32.c
@@ -5429,11 +5429,11 @@ static int
 winnt_stat(const WCHAR *path, struct stati64 *st)
 {
     HANDLE f;
+    WCHAR finalname[MAX_PATH];
 
     memset(st, 0, sizeof(*st));
     f = open_special(path, 0, 0);
     if (f != INVALID_HANDLE_VALUE) {
-	WCHAR finalname[MAX_PATH];
 	const DWORD attr = stati64_handle(f, st);
 	const DWORD len = get_final_path(f, finalname, numberof(finalname), 0);
 	CloseHandle(f);
@@ -5442,7 +5442,7 @@ winnt_stat(const WCHAR *path, struct stati64 *st)
 	}
 	st->st_mode = fileattr_to_unixmode(attr, path);
 	if (len) {
-	    finalname[len] = L'\0';
+	    finalname[min(len, PATH_MAX-1)] = L'\0';
 	    path = finalname;
 	    if (wcsncmp(path, namespace_prefix, numberof(namespace_prefix)) == 0)
 		path += numberof(namespace_prefix);
author	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-01-16 19:51:56 +0000
committer	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-01-16 19:51:56 +0000
commit	565b6da190bd4d0f470c27a909dbd5e865f2fe75 (patch)
tree	61629ce4be4987daa2a281109bc1550919e77a07
parent	aa983c4ccb9db02b47d4f4a470a12111644518f4 (diff)