changeset 28593:e60c492a0d9b

osutil: stop using strcpy

strcpy is a security vulnerability masquerading as a utility function. Replace it with memcpy since we know how much to copy anyway.
author Augie Fackler <augie@google.com>
date Sat, 19 Mar 2016 20:02:19 -0400
parents cdbd9c0c0775
children d3990da51637
files mercurial/osutil.c
diffstat 1 files changed, 3 insertions(+), 2 deletions(-) [+]
--- a/mercurial/osutil.c	Sat Mar 19 11:39:13 2016 -0700
+++ b/mercurial/osutil.c	Sat Mar 19 20:02:19 2016 -0400
@@ -203,14 +203,15 @@
 		PyErr_NoMemory();
 		goto error_nomem;
 	}
-	strcpy(pattern, path);
+	memcpy(pattern, path, plen);
 
 	if (plen > 0) {
 		char c = path[plen-1];
 		if (c != ':' && c != '/' && c != '\\')
 			pattern[plen++] = '\\';
 	}
-	strcpy(pattern + plen, "*");
+	pattern[plen++] = '*';
+	pattern[plen] = '\0';
 
 	fh = FindFirstFileA(pattern, &fd);
 	if (fh == INVALID_HANDLE_VALUE) {
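Review bot: Nothing in this hunk shows that `pattern` has room for the worst case the new code writes: `plen` bytes from `memcpy`, an optional `'\\'`, the `'*'` and the terminating NUL, i.e. `plen + 3` bytes. The allocation sits above the hunk and presumably already accounts for this, but with indexed stores replacing `strcpy` that size is the only thing keeping the writes in range, so it deserves a comment at the stores such as `/* pattern must hold plen + 3 bytes: path, optional '\\', '*', NUL */`. Separately, `memcpy` copies exactly `plen` bytes, so if `path` can carry an embedded NUL (its origin is outside the hunk) `FindFirstFileA` will still see the pattern cut at that byte; rejecting such a path before the copy would make that behaviour explicit. The enclosing function starts and ends outside the hunk.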