Prevent buffer overflow in realpath

This patch prevents a buffer overflow in the realpath function. Thanks to Abel Abraham Camarillo Ojeda
2024-11-10 20:23:49 +01:00 · 2010-06-06 19:27:10 +02:00 · 2010-06-06 19:27:10 +02:00 · f3e57c633d
commit f3e57c633d
parent 62937222af
1 changed files with 17 additions and 1 deletions
--- a/zathura.c
+++ b/zathura.c
@ -898,8 +898,24 @@ open_file(char* path, char* password)
 {
  g_static_mutex_lock(&(Zathura.Lock.pdf_obj_lock));

+  /* specify path max */
+  size_t pm;
+#ifdef PATH_MAX
+  pm = PATH_MAX;
+#else
+  pm = pathconf(path,_PC_PATH_MAX);
+  if(pm <= 0)
+    pm = 4096;
+#endif
+
  /* get filename */
-  char* file = realpath(path, NULL);
+  char* file = (char*) calloc(sizeof(char), pm);
+  if(!file || !realpath(path, file))
+  {
+    if(file)
+      free(file);
+    return FALSE;
+  }

  if(path[0] == '~')
  {