initlog, usernetctl, and ppp-watch fixes (<linux_4ever@yahoo.com>)

author: Bill Nottingham <notting@redhat.com> 2003-06-13 21:52:17 +0000
committer: Bill Nottingham <notting@redhat.com> 2003-06-13 21:52:17 +0000
commit: 373493d3d8478cf5e5c2936df986dd0c046213e3 (patch)
tree: 89b415962dc5a1fc96ee0785bc473c8d8b6eee29 /src/usernetctl.c
parent: 0cad423a80a0805c129a25ae2ca47bf2195f9b5c (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/usernetctl.c b/src/usernetctl.c
index 238c0aee..2a92fed7 100644
--- a/src/usernetctl.c
+++ b/src/usernetctl.c
@@ -7,6 +7,7 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <limits.h>
 
 /* This will be running setuid root, so be careful! */
 static char * safeEnviron[] = {
@@ -153,8 +154,15 @@ main(int argc, char ** argv) {
     /* automatically prepend "ifcfg-" if it is not specified */
     if (strncmp(ifaceConfig, "ifcfg-", 6)) {
 	char *temp;
+        size_t len = strlen(ifaceConfig);
 
-	temp = (char *) alloca(strlen(ifaceConfig) + 7);
+	/* Make sure a wise guys hasn't tried an integer wrap-around or
+	   stack overflow attack. There's no way it could refer to anything 
+	   bigger than the largest filename, so cut 'em off there. */
+        if (len > PATH_MAX)
+		exit(1);
+
+	temp = (char *) alloca(len + 7);
 	strcpy(temp, "ifcfg-");
 	/* strcat is safe because we got the length from strlen */
 	strcat(temp, ifaceConfig);
author	Bill Nottingham <notting@redhat.com>	2003-06-13 21:52:17 +0000
committer	Bill Nottingham <notting@redhat.com>	2003-06-13 21:52:17 +0000
commit	373493d3d8478cf5e5c2936df986dd0c046213e3 (patch)
tree	89b415962dc5a1fc96ee0785bc473c8d8b6eee29 /src/usernetctl.c
parent	0cad423a80a0805c129a25ae2ca47bf2195f9b5c (diff)