From 24343d03a2ed42bc03fd49d7ee3afa161e5e9393 Mon Sep 17 00:00:00 2001
From: Jonathan Lamothe
Date: Sun, 25 Aug 2013 19:48:27 -0400
Subject: [PATCH 1/2] prevent buffer overflow in filename
---
 dpu.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/dpu.c b/dpu.c
index 5746339..63ae680 100755
--- a/dpu.c
+++ b/dpu.c
@@ -23,6 +23,11 @@ int main (int argc, char **argv){
 fputs("I pity the fool who don't have an input file!\n",stderr);
 return EXIT_FAILURE;
 }
+ if(strlen(argv[arg]) >= FILENAME_MAX)
+ {
+ fputs("It's a filename, not a novel.\n", stderr);
+ return EXIT_FAILURE;
+ }
 strcpy(name,argv[arg]);
 strcat(name,".dpu");
 if((bob = fopen(argv[arg],"r"))==NULL){
From 7402cc563f547b4ec1714271dbd96853582e03a2 Mon Sep 17 00:00:00 2001
From: Jonathan Lamothe
Date: Sun, 25 Aug 2013 20:00:14 -0400
Subject: [PATCH 2/2] make room for the .dpu suffix
---
 dpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dpu.c b/dpu.c
index 63ae680..38dfea0 100755
--- a/dpu.c
+++ b/dpu.c
@@ -23,7 +23,7 @@ int main (int argc, char **argv){
 fputs("I pity the fool who don't have an input file!\n",stderr);
 return EXIT_FAILURE;
 }
- if(strlen(argv[arg]) >= FILENAME_MAX)
+ if(strlen(argv[arg]) >= FILENAME_MAX - 4)
 {
 fputs("It's a filename, not a novel.\n", stderr);
 return EXIT_FAILURE;
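Review bot: The added guard in `main` measures the argument against `FILENAME_MAX` rather than against the buffer that `strcpy(name,argv[arg])` writes into, and `name`'s declaration is outside this hunk, so the check is sound only if `name` is in fact declared with `FILENAME_MAX` bytes. If `name` is an array, testing against the destination itself (`sizeof name` in place of `FILENAME_MAX`) keeps the guard and the buffer from drifting apart when either is edited. A one-line comment above the check, such as `/* reject names that would not fit in name[] */`, would record which buffer the limit protects. `main` starts and continues outside the hunk, so the declaration should be confirmed there.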
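Review bot: The literal `4` in `FILENAME_MAX - 4` silently encodes the length of the `".dpu"` suffix that `strcat(name,".dpu")` appends just below this hunk, so a later change to the suffix would leave the guard stale with nothing to flag it. Deriving the bound from the literal keeps them in step: `if(strlen(argv[arg]) + sizeof ".dpu" > FILENAME_MAX)` rejects exactly the same inputs and also avoids the subtraction. As written the limit admits at most `FILENAME_MAX - 5` characters, which with the suffix and the terminating NUL fills `FILENAME_MAX` bytes exactly; that is correct only if `name`, declared outside the hunk, is at least that large. Alternatively, building the name with `snprintf(name, sizeof name, "%s.dpu", argv[arg])` and treating a return value `>= sizeof name` as the error would replace the hand-written length arithmetic.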