File: 0002-Fix-buffer-overflow-in-DUMPVARS.patch

remind 05.03.07-1%2Bdeb13u1
From: Jochen Sprickerhof <jspricke@debian.org>
Date: Wed, 20 Aug 2025 09:56:39 +0200
Subject: Fix buffer overflow in DUMPVARS

---
 src/var.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/var.c b/src/var.c
index 7989cd5..c81d8f3 100644
--- a/src/var.c
+++ b/src/var.c
@@ -711,9 +711,14 @@ int DoDump(ParsePtr p)
             DumpSysVarByName(DBufValue(&buf)+1);
         } else {
             v = FindVar(DBufValue(&buf), 0);
-            DBufValue(&buf)[VAR_NAME_LEN] = 0;
-            if (!v) fprintf(ErrFp, "%s  %s\n",
+            if (!v) {
+                if (DBufLen(&buf) > VAR_NAME_LEN) {
+                    /* Truncate over-long variable name */
+                    DBufValue(&buf)[VAR_NAME_LEN] = 0;
+                }
+                fprintf(ErrFp, "%s  %s\n",
                             DBufValue(&buf), UNDEF);
+            }
             else {
                 fprintf(ErrFp, "%s  ", v->name);
                 PrintValue(&(v->v), ErrFp);
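Review bot: The length guard added in the `if (!v)` branch runs only after `FindVar(DBufValue(&buf), 0)` has already been handed the full, untruncated name, so the fix depends on FindVar itself bounding names longer than VAR_NAME_LEN. FindVar is not visible in this hunk, so that is worth confirming before treating the overflow as closed. The new comment says what the code does but not why the write is conditional. Something like `/* Truncate only if longer than VAR_NAME_LEN; an unconditional write at that index can land outside a shorter buffer */` would record the reason, presumably the cause of the original overflow, for the next maintainer. A regression test that runs DUMP on one undefined name shorter than VAR_NAME_LEN and one longer would pin both paths. DoDump's body starts and ends outside the hunk.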