From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from euclid.skiles.gatech.edu (list@euclid.skiles.gatech.edu [130.207.146.50]) by melb.werple.net.au (8.7.5/8.7.3/2) with ESMTP id KAA09072 for ; Tue, 9 Jul 1996 10:46:20 +1000 (EST) Received: (from list@localhost) by euclid.skiles.gatech.edu (8.7.3/8.7.3) id UAA15828; Mon, 8 Jul 1996 20:40:57 -0400 (EDT) Resent-Date: Mon, 8 Jul 1996 20:40:57 -0400 (EDT) From: Zoltan Hidvegi Message-Id: <199607090040.CAA11288@bolyai.cs.elte.hu> Subject: Re: PATH_MAX used dangerously -- do we care? To: schaefer@nbn.com Date: Tue, 9 Jul 1996 02:40:44 +0200 (MET DST) Cc: zsh-workers@math.gatech.edu In-Reply-To: <960707093403.ZM4311@candle.brasslantern.com> from Bart Schaefer at "Jul 7, 96 09:34:01 am" Organization: Dept. of Comp. Sci., Eotvos University, Budapest, Hungary Phone: (36 1)2669833 ext: 2667, home phone: (36 1) 2752368 X-Mailer: ELM [version 2.4ME+ PL16 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Resent-Message-ID: <"fsjwT.0.Bt3.OgQun"@euclid> Resent-From: zsh-workers@math.gatech.edu X-Mailing-List: archive/latest/1582 X-Loop: zsh-workers@math.gatech.edu Precedence: list Resent-Sender: zsh-workers-request@math.gatech.edu > I can find at least half a dozen places where some form of user input is > sprintf'd or strcpy'd into a PATH_MAX-sized stack buffer or static buffer. > The most obvious one is in sourcehome() in init.c, where $ZDOTDIR plus a > slash and file name is sprintf'd into such a buffer. > > In all cases I found, the string being placed in the buffer really is a > path name, so PATH_MAX is a reasonable limit upon it; so I don't suggest > switching to dynamic buffers, but shouldn't there be a bounds check? Yes there should be. If you know the places where it should be fexed, send in that list or send a patch which fixes that. There can be two solutions: we can silently truncate the string or we may give some error message and refuse to do anything with the string. The later is probably more correct behaviour. Perhaps the behaviour of other shells can be examined before the decision. Zoltan