aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Santos <[email protected]>2010-10-01 19:54:51 -0400
committerBjörn Gustavsson <[email protected]>2010-10-04 15:25:22 +0200
commit3d430d0faa33f7d74f1258b400515dc6cea40c4e (patch)
tree1d1bce8b5f600f9ac9dd5495ac16eb776ef7a050
parentf21f0fa7d7ab6d5db573f06191a93aed6477b01b (diff)
downloadotp-3d430d0faa33f7d74f1258b400515dc6cea40c4e.tar.gz
otp-3d430d0faa33f7d74f1258b400515dc6cea40c4e.tar.bz2
otp-3d430d0faa33f7d74f1258b400515dc6cea40c4e.zip
dialyzer: prevent buffer overflows
Check length of buffers used with environment variables and debug messages.
-rw-r--r--erts/etc/common/Makefile.in2
-rw-r--r--erts/etc/common/dialyzer.c10
2 files changed, 9 insertions, 3 deletions
diff --git a/erts/etc/common/Makefile.in b/erts/etc/common/Makefile.in
index 96655662b8..333390b2c3 100644
--- a/erts/etc/common/Makefile.in
+++ b/erts/etc/common/Makefile.in
@@ -333,7 +333,7 @@ $(OBJDIR)/erlc.o: erlc.c
$(CC) $(CFLAGS) -o $@ -c erlc.c
$(BINDIR)/dialyzer@EXEEXT@: $(OBJDIR)/dialyzer.o
- $(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/dialyzer.o -L$(OBJDIR) $(LIBS)
+ $(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/dialyzer.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS)
$(OBJDIR)/dialyzer.o: dialyzer.c
$(CC) $(CFLAGS) -o $@ -c dialyzer.c
diff --git a/erts/etc/common/dialyzer.c b/erts/etc/common/dialyzer.c
index 4b4c1124f1..4453e63f1c 100644
--- a/erts/etc/common/dialyzer.c
+++ b/erts/etc/common/dialyzer.c
@@ -147,6 +147,9 @@ main(int argc, char** argv)
env = get_env("DIALYZER_EMULATOR");
emulator = env ? env : get_default_emulator(argv[0]);
+ if (strlen(emulator) >= MAXPATHLEN)
+ error("Value of environment variable DIALYZER_EMULATOR is too large");
+
/*
* Allocate the argv vector to be used for arguments to Erlang.
* Arrange for starting to pushing information in the middle of
@@ -228,7 +231,7 @@ main(int argc, char** argv)
static void
push_words(char* src)
{
- char sbuf[1024];
+ char sbuf[MAXPATHLEN];
char* dst;
dst = sbuf;
@@ -360,7 +363,7 @@ error(char* format, ...)
va_list ap;
va_start(ap, format);
- vsprintf(sbuf, format, ap);
+ erts_vsnprintf(sbuf, sizeof(sbuf), format, ap);
va_end(ap);
fprintf(stderr, "dialyzer: %s\n", sbuf);
exit(1);
@@ -389,6 +392,9 @@ get_default_emulator(char* progname)
char sbuf[MAXPATHLEN];
char* s;
+ if (strlen(progname) >= sizeof(sbuf))
+ return ERL_NAME;
+
strcpy(sbuf, progname);
for (s = sbuf+strlen(sbuf); s >= sbuf; s--) {
if (IS_DIRSEP(*s)) {