diff options
| -rw-r--r-- | nt/ChangeLog | 5 | ||||
| -rw-r--r-- | nt/cmdproxy.c | 8 |
2 files changed, 11 insertions, 2 deletions
diff --git a/nt/ChangeLog b/nt/ChangeLog index 97d42701c3..299879ccba 100644 --- a/nt/ChangeLog +++ b/nt/ChangeLog @@ -1,3 +1,8 @@ +2014-04-26 Eli Zaretskii <eliz@gnu.org> + + * cmdproxy.c (make_absolute): Don't copy more characters from PATH + than a single directory name can hold. (Bug#17334) + 2014-04-21 Eli Zaretskii <eliz@gnu.org> * inc/ms-w32.h (lseek): Define only if not already a macro. diff --git a/nt/cmdproxy.c b/nt/cmdproxy.c index f3433f6368..e48ca63a25 100644 --- a/nt/cmdproxy.c +++ b/nt/cmdproxy.c @@ -292,11 +292,15 @@ make_absolute (const char *prog) while (*path) { + size_t len; + /* Get next directory from path. */ p = path; while (*p && *p != ';') p++; - strncpy (dir, path, p - path); - dir[p - path] = '\0'; + /* A broken PATH could have too long directory names in it. */ + len = min (p - path, sizeof (dir) - 1); + strncpy (dir, path, len); + dir[len] = '\0'; /* Search the directory for the program. */ if (search_dir (dir, prog, MAX_PATH, absname) > 0) |