valter/dosbox-staging
1
0
Fork 0
Code Releases Activity

Fix buffer overflow in CMD_PATH

Browse source 
This buffer overflow was easy to trigger by just running:

  Z:\> path <very-long-string>

We avoid the problem by using snprintf, which will trim input to
the length passed as second parameter.
This commit is contained in:
Patryk Obara 2020-02-24 15:55:35 +01:00 committed by Patryk Obara
parent b639bd7fca
commit dc55ccb21f
1 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/shell/shell_cmds.cpp
View file

@ -1384,13 +1384,12 @@ void DOS_Shell::CMD_ATTRIB(char *args){
void DOS_Shell::CMD_PATH(char *args){
HELP("PATH");
if (args && strlen(args)){
char pathstring[DOS_PATHLENGTH+CROSS_LEN+20]={ 0 };
strcpy(pathstring,"set PATH=");
if (args && strlen(args)) {
char set_path[DOS_PATHLENGTH + CROSS_LEN + 20] = {0};
while (args && *args && (*args == '='|| *args == ' '))
args++;
strcat(pathstring,args);
this->ParseLine(pathstring);
args++;
snprintf(set_path, sizeof(set_path), "set PATH=%s", args);
this->ParseLine(set_path);
return;
} else {
std::string line;