From: Lukas Krickl <lukas@krickl.dev>
Date: Sat, 9 Dec 2023 17:27:50 +0000 (+0100)
Subject: Path bounds checks
X-Git-Url: https://git.krickl.dev/?a=commitdiff_plain;h=64626c8873f779c3c18e76dec3c485da22e18be0;p=ulas%2F.git

Path bounds checks
---

diff --git a/src/ulas.c b/src/ulas.c
index a6b2758..cf03bc3 100644
--- a/src/ulas.c
+++ b/src/ulas.c
@@ -65,11 +65,15 @@ void ulas_free(void) {
 FILE *ulas_incpathfopen(const char *path, const char *mode) {
   char pathbuf[ULAS_PATHMAX];
   memset(pathbuf, 0, ULAS_PATHMAX);
+  int baselen = strlen(path);
   
   for (int i = 0; i < ulas.include_paths_len; i++) {
     pathbuf[0] = '\0';
     char *ip = ulas.include_paths[i];
     int len = strlen(ip);
+    if (len + baselen + 1 >= ULAS_PATHMAX) {
+      continue;
+    }
 
     strcat(pathbuf, ip);
     if (ip[len-1] != ULAS_PATHSEP[0]) {