From 0217b84e8a5ba9e2a460b9d1a42d6bd063d2e788 Mon Sep 17 00:00:00 2001
From: stefanf
Date: Sat, 29 Apr 2006 10:29:10 +0000
Subject: Check the buffer size when copying the line returned by el_gets() into our own buffer. Interactively typing in long lines (>1023 characters) previously overflowed the buffer. Unlike the NetBSD people I don't see the need to subtract 8 from BUFSIZ, so I just used BUFSIZ-1. Obtained from: NetBSD PR: 91110
---
 bin/sh/input.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'bin')
diff --git a/bin/sh/input.c b/bin/sh/input.c
index f4bb703..81c1f0b 100644
--- a/bin/sh/input.c
+++ b/bin/sh/input.c
@@ -184,14 +184,23 @@ preadfd(void)
 retry:
 #ifndef NO_HISTORY
 if (parsefile->fd == 0 && el) {
- const char *rl_cp;
+ static const char *rl_cp;
+ static int el_len;
- rl_cp = el_gets(el, &nr);
+ if (rl_cp == NULL)
+ rl_cp = el_gets(el, &el_len);
 if (rl_cp == NULL)
 nr = 0;
 else {
- /* XXX - BUFSIZE should redesign so not necessary */
- (void) strcpy(parsenextc, rl_cp);
+ nr = el_len;
+ if (nr > BUFSIZ - 1)
+ nr = BUFSIZ - 1;
+ memcpy(parsenextc, rl_cp, nr);
+ if (nr != el_len) {
+ el_len -= nr;
+ rl_cp += nr;
+ } else
+ rl_cp = NULL;
 }
 } else
 #endif
-- 
cgit v1.1
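Review bot: The new `static const char *rl_cp` keeps a pointer into the line returned by `el_gets()` alive across calls to preadfd(), and nothing in the hunk clears it if the editor state changes between two reads of one long line. If libedit reuses or releases that buffer before the tail is consumed (for instance if `el` is torn down and recreated elsewhere, which is not visible here), the later `memcpy(parsenextc, rl_cp, nr)` would read stale memory. I would state the lifetime at the declaration, e.g. `/* unread tail of the last el_gets() line; valid only until the next el_gets() on el */`, and reset `rl_cp = NULL` wherever `el` is destroyed. Separately, `memcpy` no longer writes the terminating NUL that `strcpy` did, so the code after `#endif` has to terminate the buffer from `nr`; preadfd's body continues outside the hunk, so that cannot be confirmed from here.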