From 7526f035f4feea48d4c686a2c5c484c4175976f9 Mon Sep 17 00:00:00 2001 From: Eric Andersen Date: Fri, 4 May 2001 20:47:33 +0000 Subject: [PATCH] Fix a buffer overflow. Which accounted for the size of the path, plus the the '/', plus the size of the test command. It did not account for the terminating NULL, which overwrote the end of the string. -Erik --- findutils/which.c | 2 +- which.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/findutils/which.c b/findutils/which.c index 1d7524465..08813c149 100644 --- a/findutils/which.c +++ b/findutils/which.c @@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv) argv++; found = 0; for (i = 0; i < count; i++) { - char buf[strlen(path_n)+1+strlen(*argv)]; + char buf[strlen(path_n)+strlen(*argv)+2]; strcpy (buf, path_n); strcat (buf, "/"); strcat (buf, *argv); diff --git a/which.c b/which.c index 1d7524465..08813c149 100644 --- a/which.c +++ b/which.c @@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv) argv++; found = 0; for (i = 0; i < count; i++) { - char buf[strlen(path_n)+1+strlen(*argv)]; + char buf[strlen(path_n)+strlen(*argv)+2]; strcpy (buf, path_n); strcat (buf, "/"); strcat (buf, *argv);