fixes bug #284431 taken from upstream stable banch From 53a07a791c1b7e4ed832ed4842928ad5139c1f41 Mon Sep 17 00:00:00 2001 From: kasson Date: Wed, 11 Mar 2009 11:19:09 +0000 Subject: [PATCH] PK fixed buffer overruns in get_libdir(); some untested strcat() calls remain. --- src/gmxlib/futil.c | 31 ++++++++++++++++--------------- 1 files changed, 16 insertions(+), 15 deletions(-) diff --git a/src/gmxlib/futil.c b/src/gmxlib/futil.c index e1b60cc..b83b2ea 100644 --- a/src/gmxlib/futil.c +++ b/src/gmxlib/futil.c @@ -52,6 +52,8 @@ #include "smalloc.h" #include "statutil.h" +#define MAX_PATHBUF 4096 + typedef struct t_pstack { FILE *fp; struct t_pstack *prev; @@ -385,20 +387,19 @@ static bool filename_is_absolute(char *name) #endif } - bool get_libdir(char *libdir) { char bin_name[512]; char buf[512]; - char full_path[512]; - char test_file[512]; - char system_path[512]; + char full_path[MAX_PATHBUF]; + char test_file[MAX_PATHBUF]; + char system_path[MAX_PATHBUF]; char *dir,*ptr,*s,*pdum; bool found=FALSE; int i; /* First - detect binary name */ - strcpy(bin_name,Program()); + strncpy(bin_name,Program(),512); /* On windows & cygwin we need to add the .exe extension * too, or we wont be able to detect that the file exists @@ -409,7 +410,7 @@ bool get_libdir(char *libdir) #endif /* Only do the smart search part if we got a real name */ - if (NULL!=bin_name && strcmp(bin_name,"GROMACS")) { + if (NULL!=bin_name && strncmp(bin_name,"GROMACS",512)) { if (!strchr(bin_name,DIR_SEPARATOR)) { /* No slash or backslash in name means it must be in the path - search it! */ @@ -435,11 +436,11 @@ bool get_libdir(char *libdir) * name is relative to the current dir */ pdum=getcwd(buf,sizeof(buf)-1); - strcpy(full_path,buf); + strncpy(full_path,buf,MAX_PATHBUF); strcat(full_path,"/"); strcat(full_path,bin_name); } else { - strcpy(full_path,bin_name); + strncpy(full_path,bin_name,MAX_PATHBUF); } /* Now we should have a full path and name in full_path, 
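Review bot: `strncpy(bin_name,Program(),512)` in the `-385` hunk leaves `bin_name` without a terminating NUL when the program name is 512 bytes or longer, so the later `strchr(bin_name,DIR_SEPARATOR)` would read past the array. Copy one byte less and terminate explicitly: `strncpy(bin_name,Program(),sizeof(bin_name)-1); bin_name[sizeof(bin_name)-1]='\0';`. The same unterminated-copy pattern recurs in the `strncpy` calls into `full_path` (hunks `-435` and `-450`), `libpath` (`-500`, where the source is the `GMXLIB` environment variable) and `tmppath` (`-512`). get_libdir's body continues outside this hunk.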
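Review bot: In the `-409` hunk the bound on `strncmp(bin_name,"GROMACS",512)` adds no protection, because the comparison already stops at the literal's NUL after at most eight bytes. `NULL!=bin_name` is also always true, since `bin_name` is an array. The unbounded `strchr(bin_name,DIR_SEPARATOR)` on the next line still depends on `bin_name` being terminated where it is filled. I would write the test as `if (strcmp(bin_name,"GROMACS")) {` and put the length guarantee at the copy instead.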
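Review bot: The result of `getcwd(buf,sizeof(buf)-1)` in the `-435` hunk is stored in `pdum` but never tested, so when the call fails (for example because the working directory does not fit in 511 bytes) `buf` holds indeterminate data that `strncpy(full_path,buf,MAX_PATHBUF)` then reads. Test it before building the path, e.g. `if (pdum==NULL) return FALSE;`, though whether an early return is the right failure path depends on code outside this hunk. The two `strcat` calls fit only because `buf` and `bin_name` are 512 bytes each against a 4096-byte `full_path`. A comment stating that dependency, or one bounded formatted write with `sizeof(full_path)` as the limit, would keep this safe if the sizes change.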
@@ -450,9 +451,9 @@ bool get_libdir(char *libdir) buf[i]='\0'; /* If it doesn't start with "/" it is relative */ if (buf[0]!=DIR_SEPARATOR) { - strcpy(strrchr(full_path,DIR_SEPARATOR)+1,buf); + strncpy(strrchr(full_path,DIR_SEPARATOR)+1,buf,MAX_PATHBUF); } else - strcpy(full_path,buf); + strncpy(full_path,buf,MAX_PATHBUF); } #endif @@ -489,10 +490,10 @@ const char *low_libfn(const char *file, bool bFatal) const char *ret=NULL; char *lib,*dir; static char buf[1024]; - static char libpath[4096]; + static char libpath[MAX_PATHBUF]; static int bFirst=1; static bool env_is_set; - char *s,tmppath[4096]; + char *s,tmppath[MAX_PATHBUF]; bool found; if (bFirst) { @@ -500,10 +501,10 @@ const char *low_libfn(const char *file, bool bFatal) lib=getenv("GMXLIB"); if (lib != NULL) { env_is_set=TRUE; - strcpy(libpath,lib); + strncpy(libpath,lib,MAX_PATHBUF); } else if (!get_libdir(libpath)) - strcpy(libpath,GMXLIBDIR); + strncpy(libpath,GMXLIBDIR,MAX_PATHBUF); bFirst=0; } @@ -512,7 +513,7 @@ const char *low_libfn(const char *file, bool bFatal) ret=file; else { found=FALSE; - strcpy(tmppath,libpath); + strncpy(tmppath,libpath,MAX_PATHBUF); s=tmppath; while(!found && (dir=strtok(s,PATH_SEPARATOR))!=NULL) { sprintf(buf,"%s%c%s",dir,DIR_SEPARATOR,file); -- 1.6.5.GIT
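Review bot: `strncpy(strrchr(full_path,DIR_SEPARATOR)+1,buf,MAX_PATHBUF)` in the `-450` hunk writes past the end of `full_path` on every call. strncpy pads the destination with NULs up to the full count, so it writes MAX_PATHBUF bytes starting at an offset inside a MAX_PATHBUF-byte array. The bound has to be the space remaining after the separator, and the `strrchr` result should be tested before 1 is added to it. In the sketch below, treating a missing separator as offset 0 is my assumption; whether a separator is always present depends on code outside the hunk. The enclosing block starts and ends outside this hunk.

```c
if (buf[0]!=DIR_SEPARATOR) {
  char *sep=strrchr(full_path,DIR_SEPARATOR);
  size_t off=(sep!=NULL) ? (size_t)(sep-full_path)+1 : 0;
  /* copy at most the space left after the separator, keeping one byte for the NUL */
  strncpy(full_path+off,buf,sizeof(full_path)-off-1);
} else
  strncpy(full_path,buf,sizeof(full_path)-1);
full_path[sizeof(full_path)-1]='\0';
```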
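Review bot: `sprintf(buf,"%s%c%s",dir,DIR_SEPARATOR,file)` in the `-512` hunk still writes without a bound into `static char buf[1024]`. `dir` is a token cut from the MAX_PATHBUF-byte `tmppath` and `file` comes from the caller, so a long `GMXLIB` entry or file name overruns `buf`. Use `snprintf(buf,sizeof(buf),"%s%c%s",dir,DIR_SEPARATOR,file)` and treat a return value of `sizeof(buf)` or more as "not found" rather than probing a truncated path. The loop body continues outside the hunk, so how a skipped entry advances the `strtok` state is for the author to place.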