* amq/pawd.c (getawd): avoid buffer overflow. Bug fix from Graeme

Wilford <G.Wilford@surrey.ac.uk>.

diff --git a/AUTHORS b/AUTHORS
index f0f6f690d80d0d8e34bcd358a2662f19326a8bd6..734720c5d00b6c0284182d9fdb7e98f3db8eb804 100644 (file)
--- a/AUTHORS
+++ b/AUTHORS
@@ -419,3 +419,7 @@ March 14, 2005: small patch to amd2ldif.
 * Adam Morley <adam at gmi dot com>
 January 27, 2005: synchronize what amd2ldif does vs. what the ldap.schema
 expects.
+
+* Graeme Wilford <G.Wilford@surrey.ac.uk>
+July 4, 2005: buffer overflow in pawd.
+

diff --git a/ChangeLog b/ChangeLog
index 6b8d4ad9306a624769f8019200ada8392a9a3048..c802c06523965f182135e023cb402b48869add11 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2005-07-05  Erez Zadok  <ezk@cs.sunysb.edu>
+
+       * amq/pawd.c (getawd): avoid buffer overflow.  Bug fix from Graeme
+       Wilford <G.Wilford@surrey.ac.uk>.
+
 2005-06-30  Erez Zadok  <ezk@cs.sunysb.edu>
 
        * amd/map.c (get_next_exported_ap): Avoid running off the end of

diff --git a/NEWS b/NEWS
index 9b0a3e59857a80bd4fc3636bd49078b386b9ee7e..9c3e9c140637c4d926fd1a0ce5364a3b21f3c1a0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@
        * extern for sleep(3) may be missing on older gcc systems
        * updated nfs_args structure on aix4.
        * possible running off end of exported_ap[] array.
+       * buffer overflow in pawd.
 
 *** Notes specific to am-utils version 6.1
 

diff --git a/amq/pawd.c b/amq/pawd.c
index 9d0339b205e751c9f6bff5f9715c3ebf15b4bdb9..3014c370cf750b9cdd85b6c0fffc65af1d734e74 100644 (file)
--- a/amq/pawd.c
+++ b/amq/pawd.c
@@ -37,7 +37,7 @@
  * SUCH DAMAGE.
  *
  *
- * $Id: pawd.c,v 1.17 2005/04/25 01:54:50 christos Exp $
+ * $Id: pawd.c,v 1.18 2005/07/05 17:45:37 ezk Exp $
  *
  */
 
@@ -251,7 +251,7 @@ static char *
 getawd(char *path)
 {
 #ifdef HAVE_GETCWD
-  char *wd = getcwd(path, MAXPATHLEN+1);
+  char *wd = getcwd(path, MAXPATHLEN);
 #else /* not HAVE_GETCWD */
   char *wd = getwd(path);
 #endif /* not HAVE_GETCWD */