sh: Fix bss-based buffer overflow in . builtin.

If the length of a directory in PATH together with the given filename exceeded FILENAME_MAX (which may happen even for pathnames that work), a static buffer was overflown. The static buffer is unnecessary, we can use the stalloc() stack. Obtained from: NetBSD MFC after: 1 week
author: jilles <jilles@FreeBSD.org> 2011-05-22 12:12:28 +0000
committer: jilles <jilles@FreeBSD.org> 2011-05-22 12:12:28 +0000
commit: b78a69b7081791bcd44c61221e032f481da35d32 (patch)
tree: 8d6f8a64885192a9d6766447d965e128c946968d /bin/sh/main.c
parent: 1eb41d92b5e12674e34256329830096b1432868b (diff)
download: FreeBSD-src-b78a69b7081791bcd44c61221e032f481da35d32.zip
FreeBSD-src-b78a69b7081791bcd44c61221e032f481da35d32.tar.gz
1 files changed, 7 insertions, 4 deletions
diff --git a/bin/sh/main.c b/bin/sh/main.c
index d962920..408d37c 100644
--- a/bin/sh/main.c
+++ b/bin/sh/main.c
@@ -281,7 +281,6 @@ readcmdfile(const char *name)
 static char *
 find_dot_file(char *basename)
 {
-	static char localname[FILENAME_MAX+1];
 	char *fullname;
 	const char *path = pathval();
 	struct stat statb;
@@ -291,10 +290,14 @@ find_dot_file(char *basename)
 		return basename;
 
 	while ((fullname = padvance(&path, basename)) != NULL) {
-		strcpy(localname, fullname);
+		if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode)) {
+			/*
+			 * Don't bother freeing here, since it will
+			 * be freed by the caller.
+			 */
+			return fullname;
+		}
 		stunalloc(fullname);
-		if ((stat(fullname, &statb) == 0) && S_ISREG(statb.st_mode))
-			return localname;
 	}
 	return basename;
 }
author	jilles <jilles@FreeBSD.org>	2011-05-22 12:12:28 +0000
committer	jilles <jilles@FreeBSD.org>	2011-05-22 12:12:28 +0000
commit	b78a69b7081791bcd44c61221e032f481da35d32 (patch)
tree	8d6f8a64885192a9d6766447d965e128c946968d /bin/sh/main.c
parent	1eb41d92b5e12674e34256329830096b1432868b (diff)
download	FreeBSD-src-b78a69b7081791bcd44c61221e032f481da35d32.zip FreeBSD-src-b78a69b7081791bcd44c61221e032f481da35d32.tar.gz