From 021f2a8ba6d99472b1726eb6d91602a6339ce334 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Sat, 8 Dec 2001 01:57:48 +0000 Subject: [PATCH] * glob.c (execbrc): Fix some fencepost errors. Don't copy uninitialized memory past the end of the pattern string. Don't increment pointer beyond string end. [pullup from 1.2.3] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14058 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/gssftp/ftp/ChangeLog | 6 ++++++ src/appl/gssftp/ftp/glob.c | 10 ++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 330a6beec..fc15245da 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,9 @@ +2001-11-30 Tom Yu + + * glob.c (execbrc): Fix some fencepost errors. Don't copy + uninitialized memory past the end of the pattern string. Don't + increment pointer beyond string end. + 2001-10-10 Danilo Almeida * ftp.c: Conditionalize declarations of some "unused variables" to diff --git a/src/appl/gssftp/ftp/glob.c b/src/appl/gssftp/ftp/glob.c index b33de3a8f..272e50305 100644 --- a/src/appl/gssftp/ftp/glob.c +++ b/src/appl/gssftp/ftp/glob.c @@ -338,6 +338,7 @@ execbrc(p, s) for (lm = restbuf; *p != '{'; *lm++ = *p++) continue; + /* pe starts pointing to one past the first '{'. */ for (pe = ++p; *pe; pe++) switch (*pe) { @@ -354,6 +355,8 @@ execbrc(p, s) case '[': for (pe++; *pe && *pe != ']'; pe++) continue; + if (!*pe) + pe--; continue; } pend: @@ -366,7 +369,7 @@ pend: continue; case '}': - if (brclev) { + if (brclev) { /* brclev = 0 is outermost brace set */ brclev--; continue; } @@ -381,7 +384,10 @@ doit: *pm = 0; (void) strncpy(lm, pl, sizeof(restbuf) - 1 - (lm - restbuf)); restbuf[sizeof(restbuf) - 1] = '\0'; - (void) strncat(restbuf, pe + 1, sizeof(restbuf) - 1 - strlen(restbuf)); + if (*pe) { + (void) strncat(restbuf, pe + 1, + sizeof(restbuf) - 1 - strlen(restbuf)); + } *pm = savec; if (s == 0) { sgpathp = gpathp; -- 2.26.2