提交 6298bf90 编写于 作者: R Richard Levitte

There is a chance that the input string is larger than size, and on VMS,

this wasn't checked and could possibly be exploitable (slim chance, but still)
上级 9a26adf5
......@@ -310,9 +310,16 @@ void program_name(char *in, char *out, int size)
q=strrchr(p,'.');
if (q == NULL)
q = in+size;
strncpy(out,p,q-p);
out[q-p]='\0';
q = p + strlen(p);
strncpy(out,p,size-1);
if (q-p >= size)
{
out[size-1]='\0';
}
else
{
out[q-p]='\0';
}
}
#else
void program_name(char *in, char *out, int size)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册