Fix a buffer overflow. Which accounted for the size of the path, plus the the

'/', plus the size of the test command. It did not account for the terminating NULL, which overwrote the end of the string. -Erik
2024-09-12 00:55:11 +00:00 · 2001-05-04 20:47:33 +00:00 · 2001-05-04 20:47:33 +00:00 · 7526f035f4
commit 7526f035f4
parent e5ffb911e8
2 changed files with 2 additions and 2 deletions
--- a/findutils/which.c
+++ b/findutils/which.c
@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
 		argv++;
 		found = 0;
 		for (i = 0; i < count; i++) {
-			char buf[strlen(path_n)+1+strlen(*argv)];
+			char buf[strlen(path_n)+strlen(*argv)+2];
 			strcpy (buf, path_n);
 			strcat (buf, "/");
 			strcat (buf, *argv);
--- a/which.c
+++ b/which.c
@ -53,7 +53,7 @@ extern int which_main(int argc, char **argv)
 		argv++;
 		found = 0;
 		for (i = 0; i < count; i++) {
-			char buf[strlen(path_n)+1+strlen(*argv)];
+			char buf[strlen(path_n)+strlen(*argv)+2];
 			strcpy (buf, path_n);
 			strcat (buf, "/");
 			strcat (buf, *argv);