Mercurial Mercurial > hg-stable / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
osutil: stop using strcpy
authorAugie Fackler <augie@google.com>
Sat, 19 Mar 2016 20:02:19 -0400
changeset 28593 e60c492a0d9b
parent 28592 cdbd9c0c0775
child 28594 d3990da51637
osutil: stop using strcpy strcpy is a security vulnerability masquerading as a utility function. Replace it with memcpy since we know how much to copy anyway.
mercurial/osutil.c file | annotate | diff | comparison | revisions 
--- a/mercurial/osutil.c	Sat Mar 19 11:39:13 2016 -0700
+++ b/mercurial/osutil.c	Sat Mar 19 20:02:19 2016 -0400
@@ -203,14 +203,15 @@
 		PyErr_NoMemory();
 		goto error_nomem;
 	}
-	strcpy(pattern, path);
+	memcpy(pattern, path, plen);
 
 	if (plen > 0) {
 		char c = path[plen-1];
 		if (c != ':' && c != '/' && c != '\\')
 			pattern[plen++] = '\\';
 	}
-	strcpy(pattern + plen, "*");
+	pattern[plen++] = '*';
+	pattern[plen] = '\0';
 
 	fh = FindFirstFileA(pattern, &fd);
 	if (fh == INVALID_HANDLE_VALUE) {
hg-stable