authorderaadt <deraadt@openbsd.org>1999-12-06 19:10:38 +0000
committerderaadt <deraadt@openbsd.org>1999-12-06 19:10:38 +0000
commitd033816d90e04681a042afed164c0ddbe506ccff (patch)
tree4b5f9c2fb46e119fb31cc627e27c53a34b157f56
parentfd leak (diff)
check for ~ expansion past MAXPATHLEN
-rw-r--r--usr.bin/ssh/tildexpand.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.bin/ssh/tildexpand.c b/usr.bin/ssh/tildexpand.c
index 3345c0fd2ab..4ecb785be53 100644
--- a/usr.bin/ssh/tildexpand.c
+++ b/usr.bin/ssh/tildexpand.c
@@ -6,7 +6,7 @@
*/
#include "includes.h"
-RCSID("$Id: tildexpand.c,v 1.5 1999/11/24 19:53:54 markus Exp $");
+RCSID("$Id: tildexpand.c,v 1.6 1999/12/06 19:10:38 deraadt Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -23,6 +23,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
char *expanded;
struct passwd *pw;
char user[100];
+ int len;
/* Return immediately if no tilde. */
if (filename[0] != '~')
@@ -56,7 +57,10 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
return xstrdup(pw->pw_dir);
}
/* Build a path combining the specified directory and path. */
- expanded = xmalloc(strlen(pw->pw_dir) + strlen(cp + 1) + 2);
- sprintf(expanded, "%s/%s", pw->pw_dir, cp + 1);
+ len = strlen(pw->pw_dir) + strlen(cp + 1) + 2;
+ if (len > MAXPATHLEN)
+ fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
+ expanded = xmalloc(len);
+ snprintf(expanded, len, "%s/%s", pw->pw_dir, cp + 1);
return expanded;
}
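Review bot: `len` is declared `int` (in the previous hunk) but receives the sum of two `strlen()` results, so the `len > MAXPATHLEN` guard, `xmalloc(len)` and `snprintf(expanded, len, ...)` all depend on a signed/unsigned conversion; declaring it `size_t len;` keeps the bound check in the same type as the lengths it measures. The `fatal()` format string is also missing its closing parenthesis, and it says "Home directory too long" although the measured length is the home directory plus the remainder of the path. With `size_t` the call could read `fatal("Expanded path too long (%lu > %d)", (unsigned long)(len - 1), MAXPATHLEN - 1);`. tilde_expand_filename begins outside this hunk, so the earlier `return xstrdup(pw->pw_dir);` path and the parsing into `user[100]` are not reviewed here.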