From: Thomas Cort Date: Tue, 22 Dec 2015 03:07:01 +0000 (+0000) Subject: mined: fix buffer overflow in input() X-Git-Url: http://zhaoyanbai.com/repos/%22http:/www.isc.org/icons/zpipe.c?a=commitdiff_plain;h=refs%2Fchanges%2F75%2F3275%2F3;p=minix.git mined: fix buffer overflow in input() input() is used to accept filenames when saving, regular expressions when searching, and other input. It writes the characters into buffers such as file and exp_buf and others which are of length LINE_LEN. To prevent writing beyond the end of the intended buffer, truncate the input at LINE_LEN - 1 and ensure that the string is NULL terminated. Change-Id: I142baa8cfae38bdd7fa648d86559d6d9b8e7a7fd --- diff --git a/minix/usr.bin/mined/mined1.c b/minix/usr.bin/mined/mined1.c index bcc8447a9..aa9909b41 100644 --- a/minix/usr.bin/mined/mined1.c +++ b/minix/usr.bin/mined/mined1.c @@ -1694,6 +1694,9 @@ int input(char *inbuf, FLAG clearfl) } else ring_bell(); + + if (ptr - inbuf >= LINE_LEN - 1) + return FINE; } } quit = FALSE;