scrut(1): fix buffer overflow in option parsing

2024-02-16 01:13:37 -07:00 · 2024-02-16 01:13:37 -07:00 · 64a1a19bd8
commit 64a1a19bd8
parent 5b364e104e
1 changed files with 12 additions and 5 deletions
--- a/src/scrut.c
+++ b/src/scrut.c
@ -18,7 +18,7 @@

 #include <stdio.h> /* fprintf(3), stderr, NULL */
 #include <stdlib.h> /* EXIT_FAILURE */
-#include <string.h> /* strchr(3) */
+#include <string.h> /* memset(3), strchr(3) */
 #include <unistd.h> /* access(3), getopt(3), F_OK, R_OK, W_OK, X_OK */
 #include <sys/stat.h> /* lstat(3), stat struct, S_ISBLK, S_ISCHR, S_ISDIR,
                       * S_ISFIFO, S_ISGID, S_ISREG, S_ISLNK, S_ISSOCK,
@ -33,17 +33,24 @@ int main(int argc, char *argv[]){
 	struct stat buf;
 	int c;
 	size_t i;
+	char *p;

 	if(argc < 2)
 		goto usage;

-	i = 0;
+	memset(ops, '\0', sizeof ops);
 	while((c = getopt(argc, argv, args)) != -1)
-		if(strchr(args, c) == NULL)
+		if((p = strchr(args, c)) == NULL)
 			goto usage;
 		else
-			ops[i++] = c;
-	ops[i] = '\0';
+			ops[p - args] = c;
+	/* straighten out ops */
+	for(i = 0, p = ops; i < (sizeof ops) / (sizeof *ops); ++i)
+		if(ops[i] != '\0'){
+			*p = ops[i];
+			if(&ops[i] != p++)
+				ops[i] = '\0';
+		}

 	if(optind == argc)
 		goto usage;