Skip to content
This repository was archived by the owner on May 17, 2019. It is now read-only.

Commit 1251410

Browse files
author
NerdOfCode
committed
Minor Updates
Patched a buffer overflow :) :()
1 parent ea8166c commit 1251410

1 file changed

Lines changed: 7 additions & 11 deletions

File tree

Src/shell.c

Lines changed: 7 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -84,11 +84,11 @@ int main ( int argc, char argv[64] ){
8484
short int return_whoami_test_value = 0;
8585

8686
pwd_test = malloc(64 * sizeof(char));
87-
strncat(pwd_test,CMD_BIN, sizeof(CMD_BIN));
87+
strncat(pwd_test,CMD_BIN, sizeof(CMD_BIN) + sizeof(pwd_test));
8888
strncat(pwd_test,"pwd", sizeof(pwd_test));
8989

9090
whoami_test = malloc(64 * sizeof(char));
91-
strncat(whoami_test,CMD_BIN, sizeof(CMD_BIN));
91+
strncat(whoami_test,CMD_BIN, sizeof(CMD_BIN) + sizeof(whoami_test));
9292
strncat(whoami_test,"whoami", sizeof(whoami_test));
9393

9494
//Run our startup function
@@ -208,7 +208,7 @@ void change_to_home_dir( void ){
208208
short int ret = 0;
209209

210210
char current_user_home[64] = "/home/";
211-
strncat(current_user_home,logged_in_user,sizeof(current_user_home));
211+
strncat(current_user_home,logged_in_user,sizeof(current_user_home) + sizeof(logged_in_user));
212212

213213
//chdir() return -1 on error and 0 on success
214214
ret = chdir(current_user_home);
@@ -380,7 +380,6 @@ int parseCommand(char input[64]){
380380
}
381381
}
382382

383-
384383
//Remove all arguments
385384
for(int i = 0; i <= strlen(input); ++i){
386385
if(input[i] != ' '){
@@ -396,15 +395,14 @@ int parseCommand(char input[64]){
396395
//Obliterate filename_ptr
397396
//And check if command exists relative to its filename
398397
memset(filename_ptr, 0, sizeof(filename_ptr));
399-
strncat(filename_ptr,CMD_BIN, sizeof(CMD_BIN));
400-
strncat(filename_ptr,command_ptr, sizeof(CMD_BIN));
398+
strncat(filename_ptr,CMD_BIN, sizeof(CMD_BIN) + sizeof(filename_ptr));
399+
strncat(filename_ptr,command_ptr, sizeof(filename_ptr) + sizeof(command_ptr));
401400

402401
//Only remove newline if command has arguments
403402
if(command_args){
404403
filename_ptr[strlen(filename_ptr)-1] = '\0';
405404
}
406405

407-
408406
command_ptr[strlen(command_ptr)-1] = '\0';
409407
input[strlen(input)-1] = '\0';
410408

@@ -414,8 +412,6 @@ int parseCommand(char input[64]){
414412
update_new_cd(1);
415413
}
416414

417-
418-
419415
//If command or rather file is found, proceed
420416
if(access(filename_ptr, F_OK) == 0){
421417
//Since the command exists we can try running the arguments the user has provided
@@ -424,8 +420,8 @@ int parseCommand(char input[64]){
424420

425421
//Reset to default users args
426422
memset(filename_ptr, 0, 64);
427-
strncat(filename_ptr, CMD_BIN, sizeof(CMD_BIN));
428-
strncat(filename_ptr, input, sizeof(CMD_BIN));
423+
strncat(filename_ptr, CMD_BIN, sizeof(CMD_BIN) + sizeof(filename_ptr));
424+
strncat(filename_ptr, input, sizeof(CMD_BIN) + sizeof(filename_ptr));
429425
if(system(filename_ptr) == -1)
430426
if(DEBUG)
431427
printf("Error executing: %s\n",filename_ptr);

0 commit comments

Comments
 (0)