[mapserver-commits] r10311 - branches/branch-5-2/mapserver
svn at osgeo.org
svn at osgeo.org
Thu Jul 8 17:06:09 EDT 2010
Author: dmorissette
Date: 2010-07-08 21:06:09 +0000 (Thu, 08 Jul 2010)
New Revision: 10311
Modified:
branches/branch-5-2/mapserver/maputil.c
Log:
Fixed possible buffer overflow in msTmpFile() (#3484)
Modified: branches/branch-5-2/mapserver/maputil.c
===================================================================
--- branches/branch-5-2/mapserver/maputil.c 2010-07-08 21:04:45 UTC (rev 10310)
+++ branches/branch-5-2/mapserver/maputil.c 2010-07-08 21:06:09 UTC (rev 10311)
@@ -1281,22 +1281,24 @@
char szPath[MS_MAXPATHLEN];
const char *fullFname;
char tmpId[128]; /* big enough for time + pid + ext */
+ const char *tmpBase = NULL;
if( ForcedTmpBase != NULL )
{
- strncpy( tmpId, ForcedTmpBase, sizeof(tmpId) );
+ tmpBase = ForcedTmpBase;
}
else
{
/* We'll use tmpId and tmpCount to generate unique filenames */
sprintf(tmpId, "%lx_%x",(long)time(NULL),(int)getpid());
+ tmpBase = tmpId;
}
if (ext == NULL) ext = "";
- tmpFname = (char*)malloc(strlen(tmpId) + 10 + strlen(ext) + 1);
+ tmpFname = (char*)malloc(strlen(tmpBase) + 10 + strlen(ext) + 1);
msAcquireLock( TLOCK_TMPFILE );
- sprintf(tmpFname, "%s_%x.%s", tmpId, tmpCount++, ext);
+ sprintf(tmpFname, "%s_%x.%s", tmpBase, tmpCount++, ext);
msReleaseLock( TLOCK_TMPFILE );
fullFname = msBuildPath3(szPath, mappath, tmppath, tmpFname);
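Review bot: With the 128-byte `tmpId` copy gone, nothing bounds the length of `tmpBase` when `ForcedTmpBase` is set, so an arbitrarily long `tmpFname` now reaches `msBuildPath3(szPath, mappath, tmppath, tmpFname)`, whose destination is the fixed `szPath[MS_MAXPATHLEN]`. msBuildPath3 is not visible in this hunk, so whether it rejects over-long components needs confirming. If it does not, the overflow has only moved one call down, and a guard before the allocation such as `if (strlen(tmpBase) + 10 + strlen(ext) + 1 > MS_MAXPATHLEN)` with an error return would close it. Separately, the `malloc` result is passed to `sprintf` without a NULL check. The function starts and ends outside the hunk, so the appropriate error-return convention cannot be seen from here.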