From 853a7089e689139372602e7e3f3a7bf855282a3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Mon, 23 Jun 2014 11:26:23 +0200
Subject: [PATCH] Runtime: Fixed buffer overrun in set_default_master().

The string "master.pike" is longer than the string "pike"...

Also fixes C99-ism.
---
 src/main.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/main.c b/src/main.c
index 57aaeb6358..2424d7a4dd 100644
--- a/src/main.c
+++ b/src/main.c
@@ -96,8 +96,7 @@ static char *master_file_location = _master_location + CONSTANT_STRLEN(MASTER_CO
 
 static void set_master(const char *file)
 {
-  if( master_file_location > _master_location+CONSTANT_STRLEN(MASTER_COOKIE)
-      || master_file_location < _master_location)
+  if( master_file_location != _master_location+CONSTANT_STRLEN(MASTER_COOKIE))
     free(master_file_location);
   master_file_location = strdup( file );
 }
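Review bot: The result of `strdup( file )` in set_master() is assigned without a NULL check, so on allocation failure the previous location has already been freed and master_file_location is left NULL. The readers of master_file_location are outside this hunk, but any that expect a valid string would then dereference a null pointer. Duplicating first keeps the old value on failure and stays C89-clean: open the function with `char *copy = strdup( file ); if (!copy) return;`, then do the conditional free and assign `master_file_location = copy;`. Whether a silent return or a fatal error is the right policy here is a project decision; either is better than storing NULL.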
@@ -176,14 +175,16 @@ static void set_default_master(const char *bin_name)
   if (!*mp) {
     /* Attempt to find a master via the path to the binary. */
     /* Note: We assume that MAXPATHLEN is > 18 characters. */
-    char tmp[strlen(bin_name)];
-    char *p;
-    strcpy(tmp, bin_name);
-    p = strrchr(tmp, '/');
-    if (!p) p = tmp;
-    else p++;
-    strcpy(p, "master.pike");
-    set_master( tmp );
+    if (strlen(bin_name) + CONSTANT_STRLEN("master.pike") < MAXPATHLEN) {
+      char tmp[MAXPATHLEN];
+      char *p;
+      strcpy(tmp, bin_name);
+      p = strrchr(tmp, '/');
+      if (!p) p = tmp;
+      else p++;
+      strcpy(p, "master.pike");
+      set_master( tmp );
+    }
   }
 #endif
 
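Review bot: When bin_name contains no '/', `if (!p) p = tmp;` makes the result the bare relative name "master.pike", which is then passed to set_master(). If bin_name is the program name as invoked (it looks like it, but the caller is outside the hunk), a binary started via a PATH lookup would take its master file from whatever directory it resolves against, presumably the current working directory, and that directory may be writable by someone else. Consider installing the fallback only when a directory component was found, e.g. `if (p) { strcpy(p + 1, "master.pike"); set_master( tmp ); }`, or add a comment stating that the relative lookup is intended. The new length guard is sufficient for both strcpy() calls, but a one-line comment saying that it covers the worst case of a trailing '/' would help the next reader. set_default_master() starts and ends outside this hunk.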
-- 
GitLab