* src/dir.c (local_stat): [WINDOWS32] Fix buffer-overflow warning.
[SV 57888] Provide space for the path to use MAXPATHLEN plus nul.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Copyright-paperwork-exempt: yes
diff --git a/src/dir.c b/src/dir.c
index 862a18e..2b2abf3 100644
--- a/src/dir.c
+++ b/src/dir.c
@@ -1286,13 +1286,13 @@
/* Make sure the parent of "." exists and is a directory, not a
file. This is because 'stat' on Windows normalizes the argument
foo/. => foo without checking first that foo is a directory. */
- if (plen > 1 && path[plen - 1] == '.'
+ if (plen > 2 && path[plen - 1] == '.'
&& (path[plen - 2] == '/' || path[plen - 2] == '\\'))
{
- char parent[MAXPATHLEN];
+ char parent[MAXPATHLEN+1];
- strncpy (parent, path, plen - 2);
- parent[plen - 2] = '\0';
+ strncpy (parent, path, MAXPATHLEN);
+ parent[MIN(plen - 2, MAXPATHLEN)] = '\0';
if (stat (parent, buf) < 0 || !_S_ISDIR (buf->st_mode))
return -1;
}