Fix buffer overflow in os.tmpname

At least on macOS, `strlen(getenv("TMPDIR"))` is 50. We now allow a /tmp
that takes up to 120 or so bytes to spell. Instead of overflowing, we do
a bounds check and the function fails successfully on even longer /tmps.

Fixes #1108 (os.tmpname crashes redbean)
Jōshin 2024-05-18 16:18:08 -07:00
parent 42891e82bb
commit 5a6dbf6124
No known key found for this signature in database


@ -133,12 +133,12 @@ __static_yoink("lua_notice");
#if defined(LUA_USE_POSIX) /* { */
#define LUA_TMPNAMBUFSIZE 32
#define LUA_TMPNAMBUFSIZE 128
#define lua_tmpnam(b,e) { \
strcpy(b, __get_tmpdir()); \
strcat(b, "lua_XXXXXX"); \
e = mkstemp(b); \
strlcpy(b, __get_tmpdir(), LUA_TMPNAMBUFSIZE); \
e = strlcat(b, "lua_XXXXXX", LUA_TMPNAMBUFSIZE) >= LUA_TMPNAMBUFSIZE; \
e = e ? -1 : mkstemp(b); \
if (e != -1) close(e); \
e = (e == -1); }
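Review bot: The new bound in `lua_tmpnam` is the constant `LUA_TMPNAMBUFSIZE`, not the size of `b`, so the macro is only safe when every caller passes a `char` array declared with exactly that size, and nothing in the macro states or enforces this. The caller is outside the hunk, so this is a contract to document rather than a bug shown here: add `/* b must be char[LUA_TMPNAMBUFSIZE]; e is nonzero on failure, including a temp dir too long to fit */` above the macro. It is also worth a one-line comment that the `strlcat` check covers truncation by `strlcpy` as well (a truncated copy leaves the buffer full, so the append always reports a length >= `LUA_TMPNAMBUFSIZE`), since a later edit could easily break that. On the too-long path `e` becomes -1 without `mkstemp` running, so `errno` is whatever an earlier call left; if the caller reports `errno`, setting `errno = ENAMETOOLONG` on that path would keep the error meaningful.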