diff options
author | Michael Santos <[email protected]> | 2010-10-01 19:54:51 -0400 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2010-10-04 15:25:22 +0200 |
commit | 3d430d0faa33f7d74f1258b400515dc6cea40c4e (patch) | |
tree | 1d1bce8b5f600f9ac9dd5495ac16eb776ef7a050 | |
parent | f21f0fa7d7ab6d5db573f06191a93aed6477b01b (diff) | |
download | otp-3d430d0faa33f7d74f1258b400515dc6cea40c4e.tar.gz otp-3d430d0faa33f7d74f1258b400515dc6cea40c4e.tar.bz2 otp-3d430d0faa33f7d74f1258b400515dc6cea40c4e.zip |
dialyzer: prevent buffer overflows
Check length of buffers used with environment variables and debug
messages.
-rw-r--r-- | erts/etc/common/Makefile.in | 2 | ||||
-rw-r--r-- | erts/etc/common/dialyzer.c | 10 |
2 files changed, 9 insertions, 3 deletions
diff --git a/erts/etc/common/Makefile.in b/erts/etc/common/Makefile.in index 96655662b8..333390b2c3 100644 --- a/erts/etc/common/Makefile.in +++ b/erts/etc/common/Makefile.in @@ -333,7 +333,7 @@ $(OBJDIR)/erlc.o: erlc.c $(CC) $(CFLAGS) -o $@ -c erlc.c $(BINDIR)/dialyzer@EXEEXT@: $(OBJDIR)/dialyzer.o - $(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/dialyzer.o -L$(OBJDIR) $(LIBS) + $(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/dialyzer.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS) $(OBJDIR)/dialyzer.o: dialyzer.c $(CC) $(CFLAGS) -o $@ -c dialyzer.c diff --git a/erts/etc/common/dialyzer.c b/erts/etc/common/dialyzer.c index 4b4c1124f1..4453e63f1c 100644 --- a/erts/etc/common/dialyzer.c +++ b/erts/etc/common/dialyzer.c @@ -147,6 +147,9 @@ main(int argc, char** argv) env = get_env("DIALYZER_EMULATOR"); emulator = env ? env : get_default_emulator(argv[0]); + if (strlen(emulator) >= MAXPATHLEN) + error("Value of environment variable DIALYZER_EMULATOR is too large"); + /* * Allocate the argv vector to be used for arguments to Erlang. * Arrange for starting to pushing information in the middle of @@ -228,7 +231,7 @@ main(int argc, char** argv) static void push_words(char* src) { - char sbuf[1024]; + char sbuf[MAXPATHLEN]; char* dst; dst = sbuf; @@ -360,7 +363,7 @@ error(char* format, ...) va_list ap; va_start(ap, format); - vsprintf(sbuf, format, ap); + erts_vsnprintf(sbuf, sizeof(sbuf), format, ap); va_end(ap); fprintf(stderr, "dialyzer: %s\n", sbuf); exit(1); @@ -389,6 +392,9 @@ get_default_emulator(char* progname) char sbuf[MAXPATHLEN]; char* s; + if (strlen(progname) >= sizeof(sbuf)) + return ERL_NAME; + strcpy(sbuf, progname); for (s = sbuf+strlen(sbuf); s >= sbuf; s--) { if (IS_DIRSEP(*s)) { |