summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>1999-12-06 19:10:39 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1999-12-06 19:10:39 +0000
commit75ec15f00fb83c263f35612c0196153f18ced297 (patch)
treea59f13ed1639879e4d470dd6a4b975b8ed5e7312 /usr.bin
parentdfd07300d1c73f8ba8353f4fa63af80ec13a9cec (diff)
check for ~ expansion past MAXPATHLEN
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/tildexpand.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.bin/ssh/tildexpand.c b/usr.bin/ssh/tildexpand.c
index 3345c0fd2ab..4ecb785be53 100644
--- a/usr.bin/ssh/tildexpand.c
+++ b/usr.bin/ssh/tildexpand.c
@@ -6,7 +6,7 @@
*/
#include "includes.h"
-RCSID("$Id: tildexpand.c,v 1.5 1999/11/24 19:53:54 markus Exp $");
+RCSID("$Id: tildexpand.c,v 1.6 1999/12/06 19:10:38 deraadt Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -23,6 +23,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
char *expanded;
struct passwd *pw;
char user[100];
+ int len;
/* Return immediately if no tilde. */
if (filename[0] != '~')
@@ -56,7 +57,10 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
return xstrdup(pw->pw_dir);
}
/* Build a path combining the specified directory and path. */
- expanded = xmalloc(strlen(pw->pw_dir) + strlen(cp + 1) + 2);
- sprintf(expanded, "%s/%s", pw->pw_dir, cp + 1);
+ len = strlen(pw->pw_dir) + strlen(cp + 1) + 2;
+ if (len > MAXPATHLEN)
+ fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
+ expanded = xmalloc(len);
+ snprintf(expanded, len, "%s/%s", pw->pw_dir, cp + 1);
return expanded;
}