STABLE14-cmd-nname-20080113

LICENSE MIT

Nname() is used to concatenate two strings and is frequently used with
the first string being the name of the executable perhaps with a full
path.  The static buffer specified is too small for a full path and
there was no protection against writing beyond the end of it.

(cherry picked from commit d5811091995b78d65e891b134aa0ad6955bbc30c)

diff --git a/src/cmd/cmd.c b/src/cmd/cmd.c
index a56daaef5f9eef656ce7856b04554727c35a649f..fab9e13667e1ee7141abed36856acafa48b6534a 100644 (file)
--- a/src/cmd/cmd.c
+++ b/src/cmd/cmd.c
@@ -40,13 +40,14 @@ static char initcmd_opcode[] = "initcmd";   /*Name of initcmd opcode */
 static char *
 NName(char *a1, char *a2)
 {
-    static char tbuffer[80];
+    static char tbuffer[300];
     if (strlen(a1) == 0) {
-       return "";
+        return "";
     } else {
-       strcpy(tbuffer, a1);
-       strcat(tbuffer, a2);
-       return tbuffer;
+        strncpy(tbuffer, a1, sizeof(tbuffer));
+        strncat(tbuffer, a2, sizeof(tbuffer));
+        tbuffer[sizeof(tbuffer)-1]='\0';
+        return tbuffer;
     }
 }