where_arge is allocated on stack and return address is overwritten

by buffer overflow. Submitted by: Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
author: jkh <jkh@FreeBSD.org> 1999-06-09 09:29:53 +0000
committer: jkh <jkh@FreeBSD.org> 1999-06-09 09:29:53 +0000
commit: 8da82e881eb07f24088a915f2ca871da4fca4525 (patch)
tree: 4ee16dcc9e76dd76bbd3da43c9e4edcecced66e1
parent: 35bc1562804b277715a9c641c289f1bddeca9b98 (diff)
download: FreeBSD-src-8da82e881eb07f24088a915f2ca871da4fca4525.zip
FreeBSD-src-8da82e881eb07f24088a915f2ca871da4fca4525.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.sbin/pkg_install/add/extract.c b/usr.sbin/pkg_install/add/extract.c
index ac8d4bf..ed3ad2c 100644
--- a/usr.sbin/pkg_install/add/extract.c
+++ b/usr.sbin/pkg_install/add/extract.c
@@ -1,6 +1,6 @@
 #ifndef lint
 static const char rcsid[] =
-	"$Id: extract.c,v 1.22 1998/10/12 20:01:48 jkh Exp $";
+	"$Id: extract.c,v 1.23 1998/10/28 22:44:24 jkh Exp $";
 #endif
 
 /*
@@ -29,8 +29,8 @@ static const char rcsid[] =
 
 
 #define STARTSTRING "tar cf - "
-#define TOOBIG(str) ((strlen(str) + 22 + strlen(home) + where_count > maxargs) \
-		|| (strlen(str) + 6 + strlen(home) + perm_count > maxargs))
+#define TOOBIG(str) ((strlen(str) + FILENAME_MAX + where_count > maxargs) \
+		|| (strlen(str) + FILENAME_MAX + perm_count > maxargs))
 
 #define PUSHOUT(todir) /* push out string */ \
         if (where_count > sizeof(STARTSTRING)-1) { \
author	jkh <jkh@FreeBSD.org>	1999-06-09 09:29:53 +0000
committer	jkh <jkh@FreeBSD.org>	1999-06-09 09:29:53 +0000
commit	8da82e881eb07f24088a915f2ca871da4fca4525 (patch)
tree	4ee16dcc9e76dd76bbd3da43c9e4edcecced66e1
parent	35bc1562804b277715a9c641c289f1bddeca9b98 (diff)
download	FreeBSD-src-8da82e881eb07f24088a915f2ca871da4fca4525.zip FreeBSD-src-8da82e881eb07f24088a915f2ca871da4fca4525.tar.gz