[Scummvm-cvs-logs] CVS: scummvm/base gameDetector.cpp,1.123.2.2,1.123.2.3

Max Horn fingolfin at users.sourceforge.net
Sun Oct 30 17:54:02 CET 2005


Update of /cvsroot/scummvm/scummvm/base
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16470/base

Modified Files:
      Tag: branch-0-8-0
	gameDetector.cpp 
Log Message:
Fix another HOME buffer overflow attack vector

Index: gameDetector.cpp
===================================================================
RCS file: /cvsroot/scummvm/scummvm/base/gameDetector.cpp,v
retrieving revision 1.123.2.2
retrieving revision 1.123.2.3
diff -u -d -r1.123.2.2 -r1.123.2.3
--- gameDetector.cpp	18 Oct 2005 19:10:15 -0000	1.123.2.2
+++ gameDetector.cpp	31 Oct 2005 01:53:02 -0000	1.123.2.3
@@ -176,8 +176,9 @@
 	char savePath[MAXPATHLEN];
 #ifdef UNIX
 	struct stat sb;
-	if (getenv("HOME") != NULL) {
-		snprintf(savePath, MAXPATHLEN, "%s/%s", getenv("HOME"), DEFAULT_SAVE_PATH);
+	const char *home = getenv("HOME");
+	if (home != NULL && strlen(home) < MAXPATHLEN) {
+		snprintf(savePath, MAXPATHLEN, "%s/%s", home, DEFAULT_SAVE_PATH);
 		if (stat(savePath, &sb) == -1) {
 			/* create the dir if it does not exist */
 			if (errno == ENOENT) {
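Review bot: The new guard `strlen(home) < MAXPATHLEN` bounds only HOME itself, not the full string that snprintf builds from "%s/%s" with DEFAULT_SAVE_PATH appended. A HOME value just under MAXPATHLEN still passes the check and the result is silently truncated in savePath, so the stat() call and the directory creation that follows operate on a path the user never specified. Consider testing the combined length instead, for example `strlen(home) + 1 + strlen(DEFAULT_SAVE_PATH) < MAXPATHLEN`, or checking that the snprintf return value is non-negative and less than MAXPATHLEN before using savePath. It would also help to log a warning when HOME is rejected, since the block is currently skipped without any indication.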
@@ -344,7 +345,7 @@
 	// handled here, just before the command line gets parsed.
 #if !defined(MACOS_CARBON) && !defined(_WIN32_WCE) && !defined(PALMOS_MODE)
 	const char *dir = getenv("SCUMMVM_SAVEPATH");
-	if (dir && *dir) {
+	if (dir && *dir && strlen(dir) < 1024) {
 		// TODO: Verify whether the path is valid
 		settings["savepath"] = dir;
 	}
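Review bot: The limit in `strlen(dir) < 1024` is a bare literal, while the first hunk uses MAXPATHLEN for the same kind of bound, and nothing in the visible lines says which buffer the 1024 corresponds to. Please use a named constant (or MAXPATHLEN, if that is the buffer size used where "savepath" is later consumed) and add a short comment naming the code the limit protects, so the two values cannot drift apart. An over-long SCUMMVM_SAVEPATH is also dropped silently here; a warning would make that visible to the user. The existing TODO about verifying that the path is valid remains unaddressed by this change.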




