diff options
author | Michael Santos <[email protected]> | 2010-10-01 19:55:17 -0400 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2010-10-04 15:25:22 +0200 |
commit | be8759e68b337524c056b8bb757ea68c9996d863 (patch) | |
tree | b769fd3390d8cb8b0144479eecae033674b90be9 /erts/etc | |
parent | 3d430d0faa33f7d74f1258b400515dc6cea40c4e (diff) | |
download | otp-be8759e68b337524c056b8bb757ea68c9996d863.tar.gz otp-be8759e68b337524c056b8bb757ea68c9996d863.tar.bz2 otp-be8759e68b337524c056b8bb757ea68c9996d863.zip |
erlc: prevent buffer overflows
Check buffer operations and increase the size of the buffer used for
holding command line arguments, since the "-D" switch will be expanded
into 3 arguments when passed to erl.
Diffstat (limited to 'erts/etc')
-rw-r--r-- | erts/etc/common/Makefile.in | 2 | ||||
-rw-r--r-- | erts/etc/common/erlc.c | 12 |
2 files changed, 10 insertions, 4 deletions
diff --git a/erts/etc/common/Makefile.in b/erts/etc/common/Makefile.in index 333390b2c3..fe7d7b4f6d 100644 --- a/erts/etc/common/Makefile.in +++ b/erts/etc/common/Makefile.in @@ -327,7 +327,7 @@ $(OBJDIR)/$(ERLEXEC).o: $(ERLEXECDIR)/$(ERLEXEC).c $(CC) -I$(EMUDIR) $(CFLAGS) -o $@ -c $(ERLEXECDIR)/$(ERLEXEC).c endif $(BINDIR)/erlc@EXEEXT@: $(OBJDIR)/erlc.o - $(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/erlc.o -L$(OBJDIR) $(LIBS) + $(PURIFY) $(LD) $(LDFLAGS) -o $@ $(OBJDIR)/erlc.o -L$(OBJDIR) $(LIBS) $(ERTS_INTERNAL_LIBS) $(OBJDIR)/erlc.o: erlc.c $(CC) $(CFLAGS) -o $@ -c erlc.c diff --git a/erts/etc/common/erlc.c b/erts/etc/common/erlc.c index 09aca19e6c..b59453ab40 100644 --- a/erts/etc/common/erlc.c +++ b/erts/etc/common/erlc.c @@ -160,6 +160,9 @@ main(int argc, char** argv) env = get_env("ERLC_EMULATOR"); emulator = env ? env : get_default_emulator(argv[0]); + if (strlen(emulator) >= MAXPATHLEN) + error("Value of environment variable ERLC_EMULATOR is too large"); + /* * Allocate the argv vector to be used for arguments to Erlang. * Arrange for starting to pushing information in the middle of @@ -170,7 +173,7 @@ main(int argc, char** argv) * base of the eargv vector, and move it up later. */ - eargv_size = argc*4+100; + eargv_size = argc*6+100; eargv_base = (char **) emalloc(eargv_size*sizeof(char*)); eargv = eargv_base; eargc = 0; @@ -419,7 +422,7 @@ process_opt(int* pArgc, char*** pArgv, int offset) static void push_words(char* src) { - char sbuf[1024]; + char sbuf[MAXPATHLEN]; char* dst; dst = sbuf; @@ -595,7 +598,7 @@ error(char* format, ...) va_list ap; va_start(ap, format); - vsprintf(sbuf, format, ap); + erts_vsnprintf(sbuf, sizeof(sbuf), format, ap); va_end(ap); fprintf(stderr, "erlc: %s\n", sbuf); exit(1); @@ -624,6 +627,9 @@ get_default_emulator(char* progname) char sbuf[MAXPATHLEN]; char* s; + if (strlen(progname) >= sizeof(sbuf)) + return ERL_NAME; + strcpy(sbuf, progname); for (s = sbuf+strlen(sbuf); s >= sbuf; s--) { if (IS_DIRSEP(*s)) { |