Mercurial > hg-stable
changeset 28593:e60c492a0d9b
osutil: stop using strcpy
strcpy is a security vulnerability masquerading as a utility
function. Replace it with memcpy since we know how much to copy
anyway.
author | Augie Fackler <augie@google.com> |
---|---|
date | Sat, 19 Mar 2016 20:02:19 -0400 |
parents | cdbd9c0c0775 |
children | d3990da51637 |
files | mercurial/osutil.c |
diffstat | 1 files changed, 3 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/osutil.c Sat Mar 19 11:39:13 2016 -0700 +++ b/mercurial/osutil.c Sat Mar 19 20:02:19 2016 -0400 @@ -203,14 +203,15 @@ PyErr_NoMemory(); goto error_nomem; } - strcpy(pattern, path); + memcpy(pattern, path, plen); if (plen > 0) { char c = path[plen-1]; if (c != ':' && c != '/' && c != '\\') pattern[plen++] = '\\'; } - strcpy(pattern + plen, "*"); + pattern[plen++] = '*'; + pattern[plen] = '\0'; fh = FindFirstFileA(pattern, &fd); if (fh == INVALID_HANDLE_VALUE) {