From: Ilya Zakharevich <ilya@math.berkeley.edu>
Date: Tue, 13 Oct 1998 04:46:00 +0000 (-0400)
Subject: Memory overrun in os2.c
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=6756f2f0bba8a181bed0219554fd4fa332538853;p=p5sagit%2Fp5-mst-13.2.git

Memory overrun in os2.c

	Message-Id: <199810130846.EAA00769@monk.mps.ohio-state.edu>

p4raw-id: //depot/perl@1996
---

diff --git a/os2/Makefile.SHs b/os2/Makefile.SHs
index aaeed53..8fd7bfb 100644
--- a/os2/Makefile.SHs
+++ b/os2/Makefile.SHs
@@ -18,7 +18,7 @@ $spitshell >>Makefile <<!GROK!THIS!
 
 PERL_VERSION = $perl_version
 
-AOUT_OPTIMIZE = $optimize
+AOUT_OPTIMIZE	= \$(OPTIMIZE)
 AOUT_CCCMD	= \$(CC) $aout_ccflags \$(AOUT_OPTIMIZE)
 AOUT_AR		= $aout_ar
 AOUT_OBJ_EXT	= $aout_obj_ext
diff --git a/os2/os2.c b/os2/os2.c
index 8ef0e37..19b9f59 100644
--- a/os2/os2.c
+++ b/os2/os2.c
@@ -434,7 +434,7 @@ char *inicmd;
 	int trueflag = flag;
 	int rc, pass = 1;
 	char *tmps;
-	char buf[256], *s = 0;
+	char buf[256], *s = 0, scrbuf[280];
 	char *args[4];
 	static char * fargs[4] 
 	    = { "/bin/sh", "-c", "\"$@\"", "spawn-via-shell", };
@@ -546,6 +546,16 @@ char *inicmd;
 		/* Try adding script extensions to the file name, and
 		   search on PATH. */
 		char *scr = find_script(PL_Argv[0], TRUE, NULL, 0);
+		int l = strlen(scr);
+		
+		if (l >= sizeof scrbuf) {
+		   Safefree(scr);
+		 longbuf:
+		   croak("Size of scriptname too big: %d", l);
+		}
+		strcpy(scrbuf, scr);
+		Safefree(scr);
+		scr = scrbuf;
 
 		if (scr) {
 		    FILE *file = fopen(scr, "r");
@@ -555,7 +565,6 @@ char *inicmd;
 		    if (!file)
 			goto panic_file;
 		    if (!fgets(buf, sizeof buf, file)) { /* Empty... */
-			int l = strlen(scr);
 
 			buf[0] = 0;
 			fclose(file);
@@ -564,18 +573,18 @@ char *inicmd;
 			   documentation, DosQueryAppType sometimes (?)
 			   does not append ".exe", so we could have
 			   reached this place). */
-			if (l + 5 < 512) { /* size of buffer in find_script */
-			    strcpy(scr + l, ".exe");
-			    if (PerlLIO_stat(scr,&PL_statbuf) >= 0
+			if (l + 5 < sizeof scrbuf) {
+			    strcpy(scrbuf + l, ".exe");
+			    if (PerlLIO_stat(scrbuf,&PL_statbuf) >= 0
 				&& !S_ISDIR(PL_statbuf.st_mode)) {
 				/* Found */
 				tmps = scr;
 				pass++;
 				goto reread;
-			    } else {
-				scr[l] = 0;
-			    }
-			}
+			    } else
+				scrbuf[l] = 0;
+			} else
+			    goto longbuf;
 		    }
 		    if (fclose(file) != 0) { /* Failure */
 		      panic_file: