Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

PATH_MAX used dangerously -- do we care?



I can find at least half a dozen places where some form of user input is
sprintf'd or strcpy'd into a PATH_MAX-sized stack buffer or static buffer.
The most obvious one is in sourcehome() in init.c, where $ZDOTDIR plus a
slash and file name is sprintf'd into such a buffer.

In all cases I found, the string being placed in the buffer really is a
path name, so PATH_MAX is a reasonable limit upon it; so I don't suggest
switching to dynamic buffers, but shouldn't there be a bounds check?

-- 
Bart Schaefer                             Brass Lantern Enterprises
http://www.well.com/user/barts            http://www.nbn.com/people/lantern

New male in /home/schaefer:
>N  2 Justin William Schaefer  Sat May 11 03:43  53/4040  "Happy Birthday"




Messages sorted by: Reverse Date, Date, Thread, Author