From: Chip Salzenberg <chip@perl.com>
Date: Fri, 18 Apr 1997 00:00:00 +0000 (+0000)
Subject: SECURITY FIX: Buffer overflow in gv_fetchfile()
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=53d9598854cd7b8b1159c1eede92a8c86c413bb6;p=p5sagit%2Fp5-mst-13.2.git

SECURITY FIX: Buffer overflow in gv_fetchfile()
---

diff --git a/gv.c b/gv.c
index 8bb1f10..90eee26 100644
--- a/gv.c
+++ b/gv.c
@@ -58,15 +58,24 @@ GV *
 gv_fetchfile(name)
 char *name;
 {
-    char tmpbuf[1200];
+    char smallbuf[256];
+    char *tmpbuf;
     STRLEN tmplen;
     GV *gv;
 
-    sprintf(tmpbuf, "_<%s", name);
-    tmplen = strlen(tmpbuf);
+    tmplen = strlen(name) + 2;
+    if (tmplen < sizeof smallbuf)
+	tmpbuf = smallbuf;
+    else
+	New(603, tmpbuf, tmplen + 1, char);
+    tmpbuf[0] = '_';
+    tmpbuf[1] = '<';
+    strcpy(tmpbuf + 2, name);
     gv = *(GV**)hv_fetch(defstash, tmpbuf, tmplen, TRUE);
     if (!isGV(gv))
 	gv_init(gv, defstash, tmpbuf, tmplen, FALSE);
+    if (tmpbuf != smallbuf)
+	Safefree(tmpbuf);
     sv_setpv(GvSV(gv), name);
     if (*name == '/' && (instr(name, "/lib/") || instr(name, ".pm")))
 	GvMULTI_on(gv);