diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2001-07-16 04:01:43 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2001-07-16 04:01:43 +0000 |
commit | b13e6e39feb604143d06d0b496c975828e73aa1d (patch) | |
tree | 6d9d844e6be1cabfab1fcc695f0d97535cf4807c /file.c | |
parent | f7d19237c6037a9efe3eab7344e99704da1df961 (diff) |
* eval.c (proc_invoke): should preserve iter status for embedded
frame in the block.
* file.c (rb_file_s_expand_path): may overrun buffer on stack.
* regex.c (re_search): should consider reverse search.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@1613 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'file.c')
-rw-r--r-- | file.c | 17 |
1 files changed, 16 insertions, 1 deletions
@@ -1226,6 +1226,7 @@ rb_file_s_expand_path(argc, argv) VALUE fname, dname; char *s, *p; char buf[MAXPATHLEN+2]; + char *bend = buf + sizeof(buf) - 2; int tainted; rb_scan_args(argc, argv, "11", &fname, &dname); @@ -1240,6 +1241,7 @@ rb_file_s_expand_path(argc, argv) if (!dir) { rb_raise(rb_eArgError, "couldn't find HOME environment -- expanding `%s'", s); } + if (strlen(dir) > MAXPATHLEN) goto toolong; strcpy(buf, dir); p = &buf[strlen(buf)]; s++; @@ -1252,6 +1254,7 @@ rb_file_s_expand_path(argc, argv) #endif while (*s && !isdirsep(*s)) { *p++ = *s++; + if (p >= bend) goto toolong; } *p = '\0'; #ifdef HAVE_PWD_H @@ -1260,6 +1263,7 @@ rb_file_s_expand_path(argc, argv) endpwent(); rb_raise(rb_eArgError, "user %s doesn't exist", buf); } + if (strlen(pwPtr->pw_dir) > MAXPATHLEN) goto toolong; strcpy(buf, pwPtr->pw_dir); p = &buf[strlen(buf)]; endpwent(); @@ -1271,6 +1275,7 @@ rb_file_s_expand_path(argc, argv) else if (ISALPHA(s[0]) && s[1] == ':' && isdirsep(s[2])) { while (*s && !isdirsep(*s)) { *p++ = *s++; + if (p >= bend) goto toolong; } } #endif @@ -1278,6 +1283,7 @@ rb_file_s_expand_path(argc, argv) if (!NIL_P(dname)) { dname = rb_file_s_expand_path(1, &dname); if (OBJ_TAINTED(dname)) tainted = 1; + if (strlen(RSTRING(dname)->ptr) > MAXPATHLEN) goto toolong; strcpy(buf, RSTRING(dname)->ptr); } else { @@ -1294,6 +1300,7 @@ rb_file_s_expand_path(argc, argv) else { while (*s && isdirsep(*s)) { *p++ = '/'; + if (p >= bend) goto toolong; s++; } if (p > buf && *s) p--; @@ -1313,7 +1320,10 @@ rb_file_s_expand_path(argc, argv) } else { *++p = '.'; - do *++p = '.'; while (*++s == '.'); + do { + *++p = '.'; + if (p >= bend) goto toolong; + } while (*++s == '.'); --s; } break; @@ -1335,6 +1345,7 @@ rb_file_s_expand_path(argc, argv) if (!isdirsep(*p)) *++p = '/'; break; default: *++p = *s; + if (p >= bend) goto toolong; } } @@ -1345,6 +1356,10 @@ rb_file_s_expand_path(argc, argv) fname = rb_str_new2(buf); if (tainted) OBJ_TAINT(fname); return fname; + + toolong: + rb_raise(rb_eArgError, "argument too long (size=%d)", RSTRING(fname)->len); + return Qnil; /* not reached */ } static int |