diff options
author | jkh <jkh@FreeBSD.org> | 1999-06-09 09:29:53 +0000 |
---|---|---|
committer | jkh <jkh@FreeBSD.org> | 1999-06-09 09:29:53 +0000 |
commit | 8da82e881eb07f24088a915f2ca871da4fca4525 (patch) | |
tree | 4ee16dcc9e76dd76bbd3da43c9e4edcecced66e1 | |
parent | 35bc1562804b277715a9c641c289f1bddeca9b98 (diff) | |
download | FreeBSD-src-8da82e881eb07f24088a915f2ca871da4fca4525.zip FreeBSD-src-8da82e881eb07f24088a915f2ca871da4fca4525.tar.gz |
where_arge is allocated on stack and return address is overwritten
by buffer overflow.
Submitted by: Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
-rw-r--r-- | usr.sbin/pkg_install/add/extract.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.sbin/pkg_install/add/extract.c b/usr.sbin/pkg_install/add/extract.c index ac8d4bf..ed3ad2c 100644 --- a/usr.sbin/pkg_install/add/extract.c +++ b/usr.sbin/pkg_install/add/extract.c @@ -1,6 +1,6 @@ #ifndef lint static const char rcsid[] = - "$Id: extract.c,v 1.22 1998/10/12 20:01:48 jkh Exp $"; + "$Id: extract.c,v 1.23 1998/10/28 22:44:24 jkh Exp $"; #endif /* @@ -29,8 +29,8 @@ static const char rcsid[] = #define STARTSTRING "tar cf - " -#define TOOBIG(str) ((strlen(str) + 22 + strlen(home) + where_count > maxargs) \ - || (strlen(str) + 6 + strlen(home) + perm_count > maxargs)) +#define TOOBIG(str) ((strlen(str) + FILENAME_MAX + where_count > maxargs) \ + || (strlen(str) + FILENAME_MAX + perm_count > maxargs)) #define PUSHOUT(todir) /* push out string */ \ if (where_count > sizeof(STARTSTRING)-1) { \ |