Path bounds checks

diff --git a/src/ulas.c b/src/ulas.c
index a6b27580f10eb853b948981d9aa6aa443736b48a..cf03bc3803c155b36ef295da6ea8b9c0b5634b89 100644 (file)
--- a/src/ulas.c
+++ b/src/ulas.c
@@ -65,11 +65,15 @@ void ulas_free(void) {
 FILE *ulas_incpathfopen(const char *path, const char *mode) {
   char pathbuf[ULAS_PATHMAX];
   memset(pathbuf, 0, ULAS_PATHMAX);
+  int baselen = strlen(path);
   
   for (int i = 0; i < ulas.include_paths_len; i++) {
     pathbuf[0] = '\0';
     char *ip = ulas.include_paths[i];
     int len = strlen(ip);
+    if (len + baselen + 1 >= ULAS_PATHMAX) {
+      continue;
+    }
 
     strcat(pathbuf, ip);
     if (ip[len-1] != ULAS_PATHSEP[0]) {