From a1264de80fbb439076f4314b16e869fc198fb388 Mon Sep 17 00:00:00 2001
From: Bill Nottingham <notting@redhat.com>
Date: Fri, 13 Jun 2003 21:46:08 +0000
Subject: fix leaked fd, potential usernetctl badness, and initlog/process
 bogons (<linux_4ever@yahoo.com>)

---
 src/usernetctl.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/usernetctl.c')

diff --git a/src/usernetctl.c b/src/usernetctl.c
index e6bc4a22..6ace9e90 100644
--- a/src/usernetctl.c
+++ b/src/usernetctl.c
@@ -7,6 +7,7 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <limits.h>
 
 /* This will be running setuid root, so be careful! */
 static char * safeEnviron[] = {
@@ -156,8 +157,15 @@ main(int argc, char ** argv) {
     /* automatically prepend "ifcfg-" if it is not specified */
     if (strncmp(ifaceConfig, "ifcfg-", 6)) {
 	char *temp;
+        size_t len = strlen(ifaceConfig);
 
-	temp = (char *) alloca(strlen(ifaceConfig) + 7);
+	/* Make sure a wise guys hasn't tried an integer wrap-around or
+	   stack overflow attack. There's no way it could refer to anything 
+	   bigger than the largest filename, so cut 'em off there. */
+        if (len > PATH_MAX)
+		exit(1);
+
+	temp = (char *) alloca(len + 7);
 	strcpy(temp, "ifcfg-");
 	/* strcat is safe because we got the length from strlen */
 	strcat(temp, ifaceConfig);
-- 
cgit v1.2.1