q3map2: harden UNIX path sniffer against buffer overflows
authorBen Noordhuis <info@bnoordhuis.nl>
Sun, 18 Mar 2012 01:00:09 +0000 (02:00 +0100)
committerBen Noordhuis <info@bnoordhuis.nl>
Sun, 18 Mar 2012 01:17:09 +0000 (02:17 +0100)
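--- a/tools/quake3/q3map2/path_init.c
+++ b/tools/quake3/q3map2/path_init.c
@@ -114,7 +114,7 @@ void LokiInitPaths( char *argv0 ){
        path = getenv( "PATH" );
 
        /* do some path divining */
-       strcpy( temp, argv0 );
+       Q_strncpyz( temp, argv0, sizeof( temp ) );
        if ( strrchr( temp, '/' ) ) {
                argv0 = strrchr( argv0, '/' ) + 1;
        }
@@ -136,17 +136,17 @@ void LokiInitPaths( char *argv0 ){
 
                        /* found home dir candidate */
                        if ( *path == '~' ) {
-                               strcpy( temp, home );
+                               Q_strncpyz( temp, home, sizeof( temp ) );
                                path++;
                        }
 
                        /* concatenate */
                        if ( last > ( path + 1 ) ) {
-                               strncat( temp, path, ( last - path ) );
-                               strcat( temp, "/" );
+                               Q_strncat( temp, sizeof( temp ), path, ( last - path ) );
+                               Q_strcat( temp, sizeof( temp ), "/" );
                        }
-                       strcat( temp, "./" );
-                       strcat( temp, argv0 );
+                       Q_strcat( temp, sizeof( temp ), "./" );
+                       Q_strcat( temp, sizeof( temp ), argv0 );
 
                        /* verify the path */
                        if ( access( temp, X_OK ) == 0 ) {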
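Review bot: The bounded copies in the second hunk stop the overflow of `temp`, but a candidate that does not fit is still handed to `access( temp, X_OK )` in shortened form, so a long `PATH` entry or `argv0` could make the sniffer accept a different file than the one it meant to test. The definitions of `Q_strncat` and `Q_strcat` are not part of this diff, so this assumes they truncate rather than abort; if so, the candidate should be skipped when it fills the buffer, for example by guarding the check with `if ( strlen( temp ) < sizeof( temp ) - 1 && access( temp, X_OK ) == 0 ) {`. The same applies to `Q_strncpyz( temp, home, sizeof( temp ) )` when `home` is long, and `home` should be confirmed non-NULL before that call if nothing above the hunk already does so. `LokiInitPaths` begins and ends outside both hunks, so the surrounding loop was not reviewed.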