From 8a71f8860c099120888a6f4ecaac4be5b2bf22f8 Mon Sep 17 00:00:00 2001
From: yorhel <yorhel@ce56bc8d-f834-0410-b703-f827bd498a76>
Date: Thu, 1 Nov 2007 19:40:30 +0000
Subject: [PATCH] Fixed buffer overflow when supplying a path longer than
 PATH_MAX (patch by Tobias Stoeckmann)

git-svn-id: svn://blicky.net/ncdu/trunk@28 ce56bc8d-f834-0410-b703-f827bd498a76
---
 src/calc.c | 3 +++
 src/main.c | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/calc.c b/src/calc.c
index ff1963b..0a96a83 100644
--- a/src/calc.c
+++ b/src/calc.c
@@ -60,6 +60,8 @@ char *rpath(const char *from, char *to) {
       strcpy(tmp, cwd);
     else
       tmp[0] = 0;
+    if(strlen(cur) + 2 > PATH_MAX - strlen(tmp))
+      return(NULL);
     strcat(tmp, "/");
     strcat(tmp, cur);
   } else
@@ -357,6 +359,7 @@ struct dir *showCalc(char *path) {
   *lasterr = '\0';
   anpos = 0;
   lastupdate = 999;
+  memset(tmp, 0, PATH_MAX);
 
  /* init parent dir */
   if(rpath(path, tmp) == NULL || lstat(tmp, &fs) != 0 || !S_ISDIR(fs.st_mode)) {
diff --git a/src/main.c b/src/main.c
index 63471f3..b09b175 100644
--- a/src/main.c
+++ b/src/main.c
@@ -87,7 +87,10 @@ void parseCli(int argc, char **argv) {
             exit(1);
         }
     } else {
-      strcpy(sdir, argv[i]);
+      sdir[PATH_MAX - 1] = 0;
+      strncpy(sdir, argv[i], PATH_MAX);
+      if(sdir[PATH_MAX - 1] != 0)
+        sdir[0] = 0;
     }
   }
   if(s_export && !sdir[0]) {
-- 
GitLab