[PATCH 1 of 2] osutil: stop using strcpy
Augie Fackler
raf at durin42.com
Sun Mar 20 00:21:42 UTC 2016
# HG changeset patch
# User Augie Fackler <augie at google.com>
# Date 1458432139 14400
# Sat Mar 19 20:02:19 2016 -0400
# Node ID e09de2f7fe03ba5cb0ba387dee866ffae00bb922
# Parent 2e0a3cbabdb7d68e04da1cb9982e98edec2eacef
osutil: stop using strcpy
strcpy is a security vulnerability masquerading as a utility
function. Replace it with memcpy since we know how much to copy
anyway.
diff --git a/mercurial/osutil.c b/mercurial/osutil.c
--- a/mercurial/osutil.c
+++ b/mercurial/osutil.c
@@ -203,14 +203,15 @@ static PyObject *_listdir(char *path, in
PyErr_NoMemory();
goto error_nomem;
}
- strcpy(pattern, path);
+ memcpy(pattern, path, plen);
if (plen > 0) {
char c = path[plen-1];
if (c != ':' && c != '/' && c != '\\')
pattern[plen++] = '\\';
}
- strcpy(pattern + plen, "*");
+ pattern[plen++] = '*';
+ pattern[plen] = '\0';
fh = FindFirstFileA(pattern, &fd);
if (fh == INVALID_HANDLE_VALUE) {
More information about the Mercurial-devel
mailing list