From 1af4d835650a8117ad8140067597427bde635186 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 29 May 2002 08:31:30 +0000 Subject: [PATCH] There is a chance that the input string is larger than size, and on VMS, this wasn't checked and could possibly be exploitable (slim chance, but still) --- apps/apps.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index c22550b294..a7aa9fce08 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -228,9 +228,16 @@ void program_name(char *in, char *out, int size) q=strrchr(p,'.'); if (q == NULL) - q = in+size; - strncpy(out,p,q-p); - out[q-p]='\0'; + q = p + strlen(p); + strncpy(out,p,size-1); + if (q-p >= size) + { + out[size-1]='\0'; + } + else + { + out[q-p]='\0'; + } } #else void program_name(char *in, char *out, int size)