There is a chance that the input string is larger than size, and on VMS,

this wasn't checked and could possibly be exploitable (slim chance, but still)
2002-05-29 08:31:45 +00:00 · 2002-05-29 08:31:45 +00:00 · b093ef7445
commit b093ef7445
parent 405ac901c9
1 changed files with 10 additions and 3 deletions
--- a/apps/apps.c
+++ b/apps/apps.c
@ -310,9 +310,16 @@ void program_name(char *in, char *out, int size)

 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = in+size;
-	strncpy(out,p,q-p);
-	out[q-p]='\0';
+		q = p + strlen(p);
+	strncpy(out,p,size-1);
+	if (q-p >= size)
+		{
+		out[size-1]='\0';
+		}
+	else
+		{
+		out[q-p]='\0';
+		}
 	}
 #else
 void program_name(char *in, char *out, int size)