authorMax Horn2005-10-31 01:50:51 +0000
committerMax Horn2005-10-31 01:50:51 +0000
commit0063257a2bf4284b50945f337b81db951cfad364 (patch)
treef052a00a1f2e0290255f9c91490a3d809b163e04 /base
parentcd6e35cdb85b3213a6eb4032697a942991141197 (diff)
Fix another HOME buffer overflow attack vector
svn-id: r19376
Diffstat (limited to 'base')
-rw-r--r--base/gameDetector.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/base/gameDetector.cpp b/base/gameDetector.cpp
index 08bd53281e..8d8705dda2 100644
--- a/base/gameDetector.cpp
+++ b/base/gameDetector.cpp
@@ -176,8 +176,9 @@ GameDetector::GameDetector() {
char savePath[MAXPATHLEN];
#ifdef UNIX
struct stat sb;
- if (getenv("HOME") != NULL) {
- snprintf(savePath, MAXPATHLEN, "%s/%s", getenv("HOME"), DEFAULT_SAVE_PATH);
+ const char *home = getenv("HOME");
+ if (home != NULL && strlen(home) < MAXPATHLEN) {
+ snprintf(savePath, MAXPATHLEN, "%s/%s", home, DEFAULT_SAVE_PATH);
if (stat(savePath, &sb) == -1) {
/* create the dir if it does not exist */
if (errno == ENOENT) {
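Review bot: The new guard `strlen(home) < MAXPATHLEN` bounds HOME alone, but the formatted string is HOME plus `/` plus DEFAULT_SAVE_PATH, so a HOME just under the limit still yields a silently truncated savePath that is passed to stat() and, presumably, to the directory-creation code that follows. snprintf already prevents the write overrun on this line, so the check that matters is on the combined length, e.g. `if (home != NULL && strlen(home) + strlen(DEFAULT_SAVE_PATH) + 1 < MAXPATHLEN) {` (assuming DEFAULT_SAVE_PATH is a string constant), or compare the snprintf return value with MAXPATHLEN. The constructor body continues outside the hunk, so any later consumer of savePath is not visible here.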
@@ -344,7 +345,7 @@ void GameDetector::parseCommandLine(int argc, char **argv) {
// handled here, just before the command line gets parsed.
#if !defined(MACOS_CARBON) && !defined(_WIN32_WCE) && !defined(PALMOS_MODE)
const char *dir = getenv("SCUMMVM_SAVEPATH");
- if (dir && *dir) {
+ if (dir && *dir && strlen(dir) < 1024) {
// TODO: Verify whether the path is valid
settings["savepath"] = dir;
}
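Review bot: The bound in `strlen(dir) < 1024` is a bare literal with no visible link to the buffer it is meant to protect; whichever consumer of `settings["savepath"]` holds the fixed-size buffer lies outside this hunk, so the limit and the buffer size can drift apart. A named constant shared with that consumer (or MAXPATHLEN, if that is what the buffer uses) and a comment such as `// savepath is later copied into a fixed-size buffer; reject values that would not fit` would make the intent checkable. An over-long SCUMMVM_SAVEPATH is also dropped silently, where a warning would tell the user the variable was ignored. Other sources of savepath (config file, command line) presumably need the same limit, so enforcing it at the point of the copy would be more robust than at this one entry point.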