diff options
| author | Wayne Davison <wayned@samba.org> | 2017-10-29 15:52:46 -0700 |
|---|---|---|
| committer | Wayne Davison <wayned@samba.org> | 2017-10-29 15:53:28 -0700 |
| commit | 8a82feeb7cebcbba7826e861905af52582850459 (patch) | |
| tree | 99deb67b371d59a15b6053c1bcbdd4e2b61ce352 | |
| parent | 0350f95e7bfd0fc6c444682f16e0c9af32874eac (diff) | |
| download | android_external_rsync-8a82feeb7cebcbba7826e861905af52582850459.tar.gz android_external_rsync-8a82feeb7cebcbba7826e861905af52582850459.tar.bz2 android_external_rsync-8a82feeb7cebcbba7826e861905af52582850459.zip | |
Don't overflow an allocated dest buf when input path is empty.
Fixes bug 13105.
| -rw-r--r-- | util.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -1009,7 +1009,7 @@ char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth, int rlen = 0, drop_dot_dirs = !relative_paths || !(flags & SP_KEEP_DOT_DIRS); if (dest != p) { - int plen = strlen(p); + int plen = strlen(p); /* the path len INCLUDING any separating slash */ if (*p == '/') { if (!rootdir) rootdir = module_dir; @@ -1020,11 +1020,11 @@ char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth, if (dest) { if (rlen + plen + 1 >= MAXPATHLEN) return NULL; - } else if (!(dest = new_array(char, rlen + plen + 1))) + } else if (!(dest = new_array(char, MAX(rlen + plen + 1, 2)))) out_of_memory("sanitize_path"); - if (rlen) { + if (rlen) { /* only true if p previously started with a slash */ memcpy(dest, rootdir, rlen); - if (rlen > 1) + if (rlen > 1) /* a rootdir of len 1 is "/", so this avoids a 2nd slash */ dest[rlen++] = '/'; } } |