From a2b776f6c901c706946b49d2b5cadb0c6efd2655 Mon Sep 17 00:00:00 2001 From: Andrew Gregory Date: Wed, 10 May 2017 18:54:54 -0400 Subject: query_fileowner: avoid buffer overflow Copying a string into a buffer that has just been determined to not be able to hold it is obviously incorrect. The actual error handling appears to have been unintentionally removed in 47762ab687959e48acc2de8592fcf3ba3cfa502b. Signed-off-by: Andrew Gregory Signed-off-by: Allan McRae --- src/pacman/query.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/pacman') diff --git a/src/pacman/query.c b/src/pacman/query.c index a8417570..024d3e21 100644 --- a/src/pacman/query.c +++ b/src/pacman/query.c @@ -204,6 +204,7 @@ static int query_fileowner(alpm_list_t *targets) size_t rlen = strlen(rpath); if(rlen + 2 >= PATH_MAX) { pm_printf(ALPM_LOG_ERROR, _("path too long: %s/\n"), rpath); + goto targcleanup; } strcat(rpath + rlen, "/"); } -- cgit v1.2.3-70-g09d2