[Scummvm-cvs-logs] CVS: scummvm/base gameDetector.cpp,1.126,1.127
Max Horn
fingolfin at users.sourceforge.net
Sun Oct 30 17:52:01 CET 2005
Update of /cvsroot/scummvm/scummvm/base
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16260/base
Modified Files:
gameDetector.cpp
Log Message:
Fix another HOME buffer overflow attack vector
Index: gameDetector.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/base/gameDetector.cpp,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -d -r1.126 -r1.127
--- gameDetector.cpp 18 Oct 2005 19:05:22 -0000 1.126
+++ gameDetector.cpp 31 Oct 2005 01:50:51 -0000 1.127
@@ -176,8 +176,9 @@
char savePath[MAXPATHLEN];
#ifdef UNIX
struct stat sb;
- if (getenv("HOME") != NULL) {
- snprintf(savePath, MAXPATHLEN, "%s/%s", getenv("HOME"), DEFAULT_SAVE_PATH);
+ const char *home = getenv("HOME");
+ if (home != NULL && strlen(home) < MAXPATHLEN) {
+ snprintf(savePath, MAXPATHLEN, "%s/%s", home, DEFAULT_SAVE_PATH);
if (stat(savePath, &sb) == -1) {
/* create the dir if it does not exist */
if (errno == ENOENT) {
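Review bot: The new guard `strlen(home) < MAXPATHLEN` on the `if (home != NULL && ...)` line bounds only HOME, not the full "%s/%s" result, so a HOME value just under MAXPATHLEN still passes and `snprintf` silently truncates `savePath`. The write itself stays inside the buffer because `snprintf` is given MAXPATHLEN, but the `stat` and the directory creation that follow would then act on a truncated path. Consider testing the combined length, for example `strlen(home) + 1 + strlen(DEFAULT_SAVE_PATH) < MAXPATHLEN`, or checking that the return value of `snprintf` is non-negative and below MAXPATHLEN before using `savePath`. An overlong HOME is also skipped without any message, so a warning on that branch would make the fallback visible to the user.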
@@ -344,7 +345,7 @@
// handled here, just before the command line gets parsed.
#if !defined(MACOS_CARBON) && !defined(_WIN32_WCE) && !defined(PALMOS_MODE)
const char *dir = getenv("SCUMMVM_SAVEPATH");
- if (dir && *dir) {
+ if (dir && *dir && strlen(dir) < 1024) {
// TODO: Verify whether the path is valid
settings["savepath"] = dir;
}
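Review bot: The limit in `strlen(dir) < 1024` is a bare magic number with no visible link to the buffer it is meant to protect; the hunk only shows the value being stored in `settings["savepath"]`. Use a named constant (the other hunk in this commit uses MAXPATHLEN for the same kind of check) and add a short comment naming the consumer whose size dictates the limit, so the two cannot drift apart. An overlong SCUMMVM_SAVEPATH is also dropped silently here; a warning would tell the user why the variable was ignored. The existing TODO about validating the path still applies after this change.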