mined: fix buffer overflow in input()

input() is used to accept filenames when saving, regular expressions when searching, and other input. It writes the characters into buffers such as file and exp_buf and others which are of length LINE_LEN. To prevent writing beyond the end of the intended buffer, truncate the input at LINE_LEN - 1 and ensure that the string is NULL terminated. Change-Id: I142baa8cfae38bdd7fa648d86559d6d9b8e7a7fd
2015-12-22 03:07:01 +00:00 · 2015-12-22 03:07:01 +00:00 · ef31660ff2
commit ef31660ff2
parent 10b7016b5a
1 changed files with 3 additions and 0 deletions
--- a/minix/usr.bin/mined/mined1.c
+++ b/minix/usr.bin/mined/mined1.c
@ -1694,6 +1694,9 @@ int input(char *inbuf, FLAG clearfl)
  			}
  			else
  				ring_bell();
+
+			if (ptr - inbuf >= LINE_LEN - 1)
+				return FINE;
  	}
  }
  quit = FALSE;