author | Björn Gustavsson <[email protected]> | 2010-10-14 14:50:58 +0200 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2010-10-14 14:51:03 +0200 |
commit | c7f811b03aca427fbea0cac5307b81fa19bddbc1 (patch) | |
tree | 96a2b390b50527199660a9fece17272c89ec402d /erts/etc/common/erlc.c | |
parent | 0cfaafd999d74a085d6f3e212e90985700040691 (diff) | |
parent | 0983ce5264f277c9b7798758082eee1c7addb337 (diff) | |
Merge branch 'ms/security-fixes' into dev
* ms/security-fixes:
erlc: remove unused variable
typer: prevent buffer overflows
run_test: prevent buffer overflow
heart: prevent buffer overflow
escript: prevent buffer overflows
erlexec: prevent buffer overflows
erlc: prevent buffer overflows
dialyzer: prevent buffer overflows
OTP-8892
Diffstat (limited to 'erts/etc/common/erlc.c')
-rw-r--r-- | erts/etc/common/erlc.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/erts/etc/common/erlc.c b/erts/etc/common/erlc.c index 09aca19e6c..cd137435d1 100644 --- a/erts/etc/common/erlc.c +++ b/erts/etc/common/erlc.c @@ -148,10 +148,6 @@ int main(int argc, char** argv) { char cwd[MAXPATHLEN]; /* Current working directory. */ - char** rpc_eargv; /* Pointer to the beginning of arguments - * if calling a running Erlang system - * via erl_rpc(). - */ int eargv_size; int eargc_base; /* How many arguments in the base of eargv. */ char* emulator; @@ -160,6 +156,9 @@ main(int argc, char** argv) env = get_env("ERLC_EMULATOR"); emulator = env ? env : get_default_emulator(argv[0]); + if (strlen(emulator) >= MAXPATHLEN) + error("Value of environment variable ERLC_EMULATOR is too large"); + /* * Allocate the argv vector to be used for arguments to Erlang. * Arrange for starting to pushing information in the middle of @@ -170,7 +169,7 @@ main(int argc, char** argv) * base of the eargv vector, and move it up later. */ - eargv_size = argc*4+100; + eargv_size = argc*6+100; eargv_base = (char **) emalloc(eargv_size*sizeof(char*)); eargv = eargv_base; eargc = 0; @@ -189,7 +188,6 @@ main(int argc, char** argv) PUSH2("-mode", "minimal"); PUSH2("-boot", "start_clean"); PUSH3("-s", "erl_compile", "compile_cmdline"); - rpc_eargv = eargv+eargc; /* * Push standard arguments to Erlang. @@ -419,7 +417,7 @@ process_opt(int* pArgc, char*** pArgv, int offset) static void push_words(char* src) { - char sbuf[1024]; + char sbuf[MAXPATHLEN]; char* dst; dst = sbuf; @@ -595,7 +593,7 @@ error(char* format, ...) va_list ap; va_start(ap, format); - vsprintf(sbuf, format, ap); + erts_vsnprintf(sbuf, sizeof(sbuf), format, ap); va_end(ap); fprintf(stderr, "erlc: %s\n", sbuf); exit(1); @@ -624,6 +622,9 @@ get_default_emulator(char* progname) char sbuf[MAXPATHLEN]; char* s; + if (strlen(progname) >= sizeof(sbuf)) + return ERL_NAME; + strcpy(sbuf, progname); for (s = sbuf+strlen(sbuf); s >= sbuf; s--) { if (IS_DIRSEP(*s)) { |
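Review bot: The new `strlen(emulator) >= MAXPATHLEN` check in main() and the enlarged `char sbuf[MAXPATHLEN];` in push_words() (the `@@ -419,7 +417,7 @@` hunk) protect each other only by convention, and neither hunk records that. push_words()'s copy loop lies outside the hunk, so presumably it still writes into sbuf with no bound of its own and is safe only because main() rejects longer values first; that should be confirmed. I would state the invariant at the buffer, e.g. `/* src must be shorter than MAXPATHLEN; main() rejects a longer emulator string before calling. */`, or bound the copy inside push_words() so it is safe for any caller.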
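Review bot: The multiplier in `eargv_size = argc*6+100;` is a bare constant with no statement of which option expands into the most eargv entries, so a later option that pushes more per argument would silently reintroduce the overflow. The PUSH macros are defined outside this hunk; if they do not compare eargc with eargv_size, the vector's bound rests entirely on this estimate. After confirming the figure I would add a comment such as `/* Worst case: one command-line argument expands to at most 6 eargv entries; 100 covers the fixed arguments. */` and consider a capacity check at the push site.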
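Review bot: `erts_vsnprintf(sbuf, sizeof(sbuf), format, ap);` bounds the write but discards the return value, so an over-long message is truncated with no indication. sbuf's declaration is above the hunk, so its size is not visible here. Since the text goes straight to stderr, the intermediate buffer could be dropped altogether: `fprintf(stderr, "erlc: "); vfprintf(stderr, format, ap); fputc('\n', stderr);`.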
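Review bot: The guard `if (strlen(progname) >= sizeof(sbuf))` makes `strcpy(sbuf, progname)` safe, but it bounds only the input and not what is written into sbuf afterwards. The loop body continues past the end of the hunk; if it replaces the file name after the last directory separator with ERL_NAME, a progname just under MAXPATHLEN whose base name is shorter than ERL_NAME could still run past the buffer. Leaving room for the replacement closes that: `if (strlen(progname) + strlen(ERL_NAME) >= sizeof(sbuf))`. The early return also silently falls back to the bare ERL_NAME, which deserves a one-line comment saying why.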