From: Richard M K. <kr...@us...> - 2008-01-22 17:14:38
|
Update of /cvsroot/sbcl/sbcl/src/runtime In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv26998/src/runtime Modified Files: wrap.c Log Message: 1.0.13.51: Fixups in mkstemp wrapper used in RUN-PROGRAM. * Preclude a buffer overflow (though one that cannot occur at present, given the single caller of this routine). Contributed by Alex Plotnick. Index: wrap.c =================================================================== RCS file: /cvsroot/sbcl/sbcl/src/runtime/wrap.c,v retrieving revision 1.30 retrieving revision 1.31 diff -u -d -r1.30 -r1.31 --- wrap.c 10 Jan 2008 01:48:12 -0000 1.30 +++ wrap.c 22 Jan 2008 17:14:31 -0000 1.31 @@ -305,10 +305,11 @@ template on every loop, but only the last several characters. But I didn't feel like testing the boundary cases in Windows's _mktemp. */ - strcpy((char*)&buf, template); - if (MKTEMP((char*)&buf)) { - if ((fd=open((char*)&buf, O_CREAT|O_EXCL|O_RDWR, mode))!=-1) { - strcpy(template, (char*)&buf); + strncpy(buf, template, PATHNAME_BUFFER_SIZE); + buf[PATHNAME_BUFFER_SIZE-1]=0; /* force NULL-termination */ + if (MKTEMP(buf)) { + if ((fd=open(buf, O_CREAT|O_EXCL|O_RDWR, mode))!=-1) { + strcpy(template, buf); return (fd); } else if (errno != EEXIST) |