Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Jul 2016 16:06:37 +0000 (UTC)
From:      Ed Schouten <ed@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r303450 - head/usr.bin/xinstall
Message-ID:  <201607281606.u6SG6bEx023911@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ed
Date: Thu Jul 28 16:06:37 2016
New Revision: 303450
URL: https://svnweb.freebsd.org/changeset/base/303450

Log:
  Pull a copy of the input string before calling basename() and dirname().
  
  POSIX allows implementations of these functions to modify their input.

Modified:
  head/usr.bin/xinstall/xinstall.c

Modified: head/usr.bin/xinstall/xinstall.c
==============================================================================
--- head/usr.bin/xinstall/xinstall.c	Thu Jul 28 16:02:30 2016	(r303449)
+++ head/usr.bin/xinstall/xinstall.c	Thu Jul 28 16:06:37 2016	(r303450)
@@ -656,7 +656,7 @@ makelink(const char *from_name, const ch
 	}
 
 	if (dolink & LN_RELATIVE) {
-		char *cp, *d, *s;
+		char *to_name_copy, *cp, *d, *s;
 
 		if (*from_name != '/') {
 			/* this is already a relative link */
@@ -674,7 +674,10 @@ makelink(const char *from_name, const ch
 		 * The last component of to_name may be a symlink,
 		 * so use realpath to resolve only the directory.
 		 */
-		cp = dirname(to_name);
+		to_name_copy = strdup(to_name);
+		if (to_name_copy == NULL)
+			err(EX_OSERR, "%s: strdup", to_name);
+		cp = dirname(to_name_copy);
 		if (realpath(cp, dst) == NULL)
 			err(EX_OSERR, "%s: realpath", cp);
 		/* .. and add the last component. */
@@ -682,9 +685,11 @@ makelink(const char *from_name, const ch
 			if (strlcat(dst, "/", sizeof(dst)) > sizeof(dst))
 				errx(1, "resolved pathname too long");
 		}
-		cp = basename(to_name);
+		strcpy(to_name_copy, to_name);
+		cp = basename(to_name_copy);
 		if (strlcat(dst, cp, sizeof(dst)) > sizeof(dst))
 			errx(1, "resolved pathname too long");
+		free(to_name_copy);
 
 		/* Trim common path components. */
 		for (s = src, d = dst; *s == *d; s++, d++)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607281606.u6SG6bEx023911>