3.82 isn't the latest. It looks like someone beat you to it:
Differences between revisions 3f6bb04e75e5a02f23339c9d4bec99b22d430803 and
6405534814f04899890a2d932db9a4985fd772fe:
2012-02-26 21:34:51 + psm...@gnu.org
(6405534814f04899890a2d932db9a4985fd772fe)
Check for possible buffer overflow on very long filenames. Fixes Savannah bug
#35525
---
diff --git a/implicit.c b/implicit.c
index 96c7b2b..c5f7481 100644
--- a/implicit.c
+++ b/implicit.c
@@ -488,6 +488,13 @@ pattern_search (struct file *file, int archive,
dir = pathdir;
}
+ if (stemlen > GET_PATH_MAX)
+{
+ DBS (DB_IMPLICIT, (_("Stem too long: `%.*s'.\n"),
+ (int) stemlen, stem));
+ continue;
+}
+
DBS (DB_IMPLICIT, (_("Trying pattern rule with stem `%.*s'.\n"),
(int) stemlen, stem));
From: bug-make-bounces+martin.dorey=hds@gnu.org
[mailto:bug-make-bounces+martin.dorey=hds@gnu.org] On Behalf Of Mustapha
Abiola
Sent: Friday, June 27, 2014 22:30
To: bug-make@gnu.org
Subject: Buffer overflow in orig/implicit.c
Kindly consider my fix for the lack of bounds checks in implicit.c
Index: make-3.82/implicit.c
===
--- make-3.82.orig/implicit.c
+++ make-3.82/implicit.c
@@ -488,6 +488,9 @@ pattern_search (struct file *file, int a
dir = pathdir;
}
+ if (stemlen >= PATH_MAX)
+ fatal (NILF, _("File name too long"));
+
DBS (DB_IMPLICIT, (_("Trying pattern rule with stem `%.*s'.\n"),
(int) stemlen, stem));
Thanks.
___
Bug-make mailing list
Bug-make@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-make
