This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
Avoid buffer overflow in dl_win32.c
author Jan Dubois <jand@activestate.com>
Tue, 2 Nov 2010 00:25:58 +0000 (17:25 -0700)
committer Jan Dubois <jand@activestate.com>
Tue, 2 Nov 2010 00:26:37 +0000 (17:26 -0700)
This fixes the DynaLoader related part of bug 78710
http://rt.perl.org/rt3//Public/Bug/Display.html?id=78710

ext/DynaLoader/dl_win32.xs
lib/overload/numbers.pm [changed mode: 0644->0755]

index 60ec703..94b3fe3 100644 (file)
@@ -72,6 +72,10 @@ dl_static_linked(char *filename)
     static char subStr[] = "/auto/";
     char szBuffer[MAX_PATH];
 
+    /* avoid buffer overflow when called with invalid filenames */
+    if (strlen(filename) >= sizeof(szBuffer))
+        return 0;
+
     /* change all the '\\' to '/' */
     strcpy(szBuffer, filename);
     for(ptr = szBuffer; ptr = strchr(ptr, '\\'); ++ptr)
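Review bot: the early `return 0` in the new guard at the top of dl_static_linked() reports an overlong filename the same way as a module that is simply not statically linked, and the comment does not say this is intended. The `>=` comparison against sizeof(szBuffer) is the right bound for the strcpy() that follows, since it leaves room for the terminating NUL. I would extend the comment to state that a path of MAX_PATH or more characters is deliberately treated as "not static", so a later reader does not mistake the silent return for a missed error path. The guard also has to stay directly ahead of the strcpy(); if code is ever inserted between them that changes `filename`, the check no longer covers the copy.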
old mode 100644 (file)
new mode 100755 (executable)
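Review bot: the mode change on lib/overload/numbers.pm from 0644 to 0755 is not mentioned in the commit message and has no visible connection to the dl_win32 fix. If the executable bit is intended, it belongs in its own commit with a reason; otherwise it should be dropped from this change so the security fix stays easy to audit and backport.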