
[Chicken-users] buffer overflow fixed


From: Joerg F. Wittenberger
Subject: [Chicken-users] buffer overflow fixed
Date: 16 Jan 2003 10:43:42 +0100

Hi,

I came across a possible buffer overflow in version 0.1088!  Here's
the fix:

*** runtime.c~  Sat Jan 11 14:41:50 2003
--- runtime.c   Thu Jan 16 10:41:47 2003
***************
*** 2816,2826 ****
  C_word C_fcall C_execute_shell_command(C_word string)
  {
    int n = C_header_size(string);
  
!   C_memcpy(buffer, ((C_SCHEME_BLOCK *)string)->data, n);
!   buffer[ n ] = '\0';
  
!   if((n = system(buffer)) == -1)
      return C_fix(errno);
  
  #ifdef C_NONUNIX
--- 2816,2834 ----
  C_word C_fcall C_execute_shell_command(C_word string)
  {
    int n = C_header_size(string);
+   char *buf = buffer;
  
!   if(n >= STRING_BUFFER_SIZE) {
!     buf = malloc(n+1);
!     if(!buf) barf(C_OUT_OF_MEMORY_ERROR, "system");
!   }
!   C_memcpy(buf, ((C_SCHEME_BLOCK *)string)->data, n);
!   buf[ n ] = '\0';
  
!   n = system(buf);
!   if(buf != buffer) free(buf);
! 
!   if(n == -1)
      return C_fix(errno);
  
  #ifdef C_NONUNIX
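
Review bot: On the heap path in the new version, `if(buf != buffer) free(buf);` runs between `n = system(buf);` and the errno read in `return C_fix(errno);`, and free() is allowed to modify errno, so the value returned on failure may no longer be the one system() set. Copy errno into a local right after system() returns and return that copy, or move the free() so it happens only after the error code has been captured. The bound check itself (`n >= STRING_BUFFER_SIZE`, with `malloc(n+1)`) does leave room for the terminating '\0' on both paths.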

Cheers

/Jörg

-- 
The worst of harm may often result from the best of intentions.



