~ chicken-core (chicken-5) 1e006b65fb72c4afbcfd0e161cca9b6e84daafc2
commit 1e006b65fb72c4afbcfd0e161cca9b6e84daafc2
Author: Evan Hanson <evhan@foldling.org>
AuthorDate: Tue Jan 1 10:49:40 2019 +1300
Commit: felix <felix@call-with-current-continuation.org>
CommitDate: Tue Jan 1 03:17:40 2019 +0100
chicken-do: Avoid buffer overrun when preparing Windows command line
Signed-off-by: felix <felix@call-with-current-continuation.org>
diff --git a/chicken-do.c b/chicken-do.c
index f4175229..9895d6a8 100644
--- a/chicken-do.c
+++ b/chicken-do.c
@@ -42,6 +42,10 @@
#define MAX_TARGETS 256
#define MAX_DEPENDS 1024
+#ifdef WIN32
+# define MAX_COMMAND_LEN 32767
+#endif
+
static char *targets[ MAX_TARGETS ];
static char *depends[ MAX_DEPENDS ];
static struct stat tstats[ MAX_TARGETS ];
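Review bot: `MAX_COMMAND_LEN` is introduced as a bare 32767 with no comment on where the limit comes from or what unit it is in. A one-line comment above the define would record that, for example `/* CreateProcess() limit for lpCommandLine: 32767 characters, including the terminating NUL */`. The unit matters because the second hunk bounds its writes with `sizeof(cmdline)`, which counts bytes and equals this character count only while `TCHAR` is a one-byte `char`.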
@@ -75,13 +79,18 @@ static int execute(char **argv)
#ifdef WIN32
static PROCESS_INFORMATION process_info;
static STARTUPINFO startup_info;
+ static TCHAR cmdline[ MAX_COMMAND_LEN ];
+ static int len;
+
startup_info.cb = sizeof(STARTUPINFO);
- static TCHAR cmdline[ MAX_PATH ];
+ /* quote command arguments */
while(*argv != NULL) {
- strcat(cmdline, "\"");
- strcat(cmdline, *(argv++));
- strcat(cmdline, "\" ");
+ len += snprintf(cmdline + len, sizeof(cmdline) - len, "\"%s\" ", *(argv++));
+ if(len > sizeof(cmdline)) {
+ fprintf(stderr, "argument list too long\n");
+ exit(1);
+ }
}
if(!CreateProcess(NULL, cmdline, NULL, NULL, TRUE,
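Review bot: The truncation check `if(len > sizeof(cmdline))` in the quoting loop is off by one and ignores a failed call. snprintf has truncated whenever its return value is greater than or equal to the space it was given, and a negative return is added straight into `len`. On a C runtime whose snprintf behaves like the older MSVC `_snprintf` (negative return on truncation, no terminating NUL; which runtime is used cannot be told from this hunk), `len` would shrink, the check would not fire, and a truncated or unterminated `cmdline` would reach CreateProcess. Keeping the result in a local closes both gaps: `int n = snprintf(cmdline + len, sizeof(cmdline) - len, "\"%s\" ", *(argv++));`, then `if(n < 0 || (size_t)n >= sizeof(cmdline) - len) {` in place of the current test, and `len += n;` after the check. The body of execute() starts before and continues after this hunk, so how often it is called with the `static` `len` and `cmdline` still populated is not visible here.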