mined: fix buffer overflow in input()
input() is used to accept filenames when saving, regular expressions when searching, and other input. It writes the characters into buffers such as file and exp_buf and others which are of length LINE_LEN. To prevent writing beyond the end of the intended buffer, truncate the input at LINE_LEN - 1 and ensure that the string is NULL terminated.
This commit is contained in:
parent
8933525b85
commit
5f4dc6b763
|
|
@ -1694,6 +1694,9 @@ int input(char *inbuf, FLAG clearfl)
|
|||
}
|
||||
else
|
||||
ring_bell();
|
||||
|
||||
if (ptr - inbuf >= LINE_LEN - 1)
|
||||
return FINE;
|
||||
}
|
||||
}
|
||||
quit = FALSE;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user