summaryrefslogtreecommitdiff
path: root/win32
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-09-29 13:54:50 (GMT)
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-09-29 13:54:50 (GMT)
commitedae1c72008cdd59f3ae3ed2a9172dc74e87e1b6 (patch)
treee839ef66a7d31cfc8d71465d8a86cab2a965bc11 /win32
parentef08f00541f2e3f2a409b3dfc474ac8611b20452 (diff)
win32/file.c: fix no user exception
* win32/file.c (append_wstr): set expanded length, not length of appended string. fix "probable buffer overflow" bug. [ruby-core:65317] [Bug #10304] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47738 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'win32')
-rw-r--r--win32/file.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/win32/file.c b/win32/file.c
index 99c3521..fc10ca0 100644
--- a/win32/file.c
+++ b/win32/file.c
@@ -272,14 +272,14 @@ replace_to_long_name(wchar_t **wfullpath, size_t size, int heap)
}
static inline size_t
-user_length_in_path(const wchar_t *wuser)
+user_length_in_path(const wchar_t *wuser, size_t len)
{
- const wchar_t *pos = wuser;
+ size_t i;
- while (!IS_DIR_SEPARATOR_P(*pos) && *pos != '\0')
- pos++;
+ for (i = 0; i < len && !IS_DIR_SEPARATOR_P(wuser[i]); i++)
+ ;
- return pos - wuser;
+ return i;
}
static VALUE
@@ -293,7 +293,7 @@ append_wstr(VALUE dst, const wchar_t *ws, size_t len, UINT cp, UINT path_cp, rb_
rb_str_modify_expand(dst, nlen);
WideCharToMultiByte(cp, 0, ws, len, RSTRING_PTR(dst) + olen, nlen, NULL, NULL);
rb_enc_associate(dst, path_encoding);
- rb_str_set_len(dst, nlen);
+ rb_str_set_len(dst, olen + nlen);
}
else {
const int replaceflags = ECONV_UNDEF_REPLACE|ECONV_INVALID_REPLACE;
@@ -402,7 +402,7 @@ rb_file_expand_path_internal(VALUE fname, VALUE dname, int abs_mode, int long_na
}
else if (abs_mode == 0 && wpath_len >= 2 && wpath_pos[0] == L'~') {
result = rb_str_new_cstr("can't find user ");
- result = append_wstr(result, wpath_pos + 1, user_length_in_path(wpath_pos + 1),
+ result = append_wstr(result, wpath_pos + 1, user_length_in_path(wpath_pos + 1, wpath_len - 1),
cp, path_cp, path_encoding);
if (wpath)
@@ -478,7 +478,7 @@ rb_file_expand_path_internal(VALUE fname, VALUE dname, int abs_mode, int long_na
}
else if (abs_mode == 0 && wdir_len >= 2 && wdir_pos[0] == L'~') {
result = rb_str_new_cstr("can't find user ");
- result = append_wstr(result, wdir_pos + 1, user_length_in_path(wdir_pos + 1),
+ result = append_wstr(result, wdir_pos + 1, user_length_in_path(wdir_pos + 1, wdir_len - 1),
cp, path_cp, path_encoding);
if (wpath)
free(wpath);