Fixed potential buffer overflow in Linux CD code (thanks Ryan!)
authorSam Lantinga <slouken@libsdl.org>
Thu, 09 Aug 2001 05:34:17 +0000
changeset 139ef23a1bf1244
parent 138 69ee0b88b615
child 140 3c35d8f160bd
Fixed potential buffer overflow in Linux CD code (thanks Ryan!)
src/cdrom/linux/SDL_syscdrom.c
     1.1 --- a/src/cdrom/linux/SDL_syscdrom.c	Thu Aug 09 05:31:32 2001 +0000
     1.2 +++ b/src/cdrom/linux/SDL_syscdrom.c	Thu Aug 09 05:34:17 2001 +0000
     1.3 @@ -181,10 +181,21 @@
     1.4  
     1.5  	mntfp = setmntent(mtab, "r");
     1.6  	if ( mntfp != NULL ) {
     1.7 -		char *tmp, mnt_type[32], mnt_dev[1024];
     1.8 +		char *tmp;
     1.9 +		char *mnt_type;
    1.10 +		char *mnt_dev;
    1.11  
    1.12  		while ( (mntent=getmntent(mntfp)) != NULL ) {
    1.13 -			/* Warning, possible buffer overflow.. */
    1.14 +			mnt_type = malloc(strlen(mntent->mnt_type) + 1);
    1.15 +			if (mnt_type == NULL)
    1.16 +				continue;  /* maybe you'll get lucky next time. */
    1.17 +
    1.18 +			mnt_dev = malloc(strlen(mntent->mnt_fsname) + 1);
    1.19 +			if (mnt_dev == NULL) {
    1.20 +				free(mnt_type);
    1.21 +				continue;
    1.22 +			}
    1.23 +
    1.24  			strcpy(mnt_type, mntent->mnt_type);
    1.25  			strcpy(mnt_dev, mntent->mnt_fsname);
    1.26  
    1.27 @@ -216,6 +227,8 @@
    1.28  					AddDrive(mnt_dev, &stbuf);
    1.29  				}
    1.30  			}
    1.31 +			free(mnt_dev);
    1.32 +			free(mnt_type);
    1.33  		}
    1.34  		endmntent(mntfp);
    1.35  	}