diff options
| author | Max Horn | 2005-10-31 01:50:51 +0000 |
|---|---|---|
| committer | Max Horn | 2005-10-31 01:50:51 +0000 |
| commit | 0063257a2bf4284b50945f337b81db951cfad364 (patch) | |
| tree | f052a00a1f2e0290255f9c91490a3d809b163e04 /base/gameDetector.cpp | |
| parent | cd6e35cdb85b3213a6eb4032697a942991141197 (diff) | |
| download | scummvm-rg350-0063257a2bf4284b50945f337b81db951cfad364.tar.gz scummvm-rg350-0063257a2bf4284b50945f337b81db951cfad364.tar.bz2 scummvm-rg350-0063257a2bf4284b50945f337b81db951cfad364.zip | |
Fix another HOME buffer overflow attack vector
svn-id: r19376
Diffstat (limited to 'base/gameDetector.cpp')
| -rw-r--r-- | base/gameDetector.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/base/gameDetector.cpp b/base/gameDetector.cpp index 08bd53281e..8d8705dda2 100644 --- a/base/gameDetector.cpp +++ b/base/gameDetector.cpp @@ -176,8 +176,9 @@ GameDetector::GameDetector() { char savePath[MAXPATHLEN]; #ifdef UNIX struct stat sb; - if (getenv("HOME") != NULL) { - snprintf(savePath, MAXPATHLEN, "%s/%s", getenv("HOME"), DEFAULT_SAVE_PATH); + const char *home = getenv("HOME"); + if (home != NULL && strlen(home) < MAXPATHLEN) { + snprintf(savePath, MAXPATHLEN, "%s/%s", home, DEFAULT_SAVE_PATH); if (stat(savePath, &sb) == -1) { /* create the dir if it does not exist */ if (errno == ENOENT) { @@ -344,7 +345,7 @@ void GameDetector::parseCommandLine(int argc, char **argv) { // handled here, just before the command line gets parsed. #if !defined(MACOS_CARBON) && !defined(_WIN32_WCE) && !defined(PALMOS_MODE) const char *dir = getenv("SCUMMVM_SAVEPATH"); - if (dir && *dir) { + if (dir && *dir && strlen(dir) < 1024) { // TODO: Verify whether the path is valid settings["savepath"] = dir; } |