Fix buffer overflow in cmd_elements YAZ-828

author Adam Dickmeiss <adam@indexdata.dk>

Mon, 9 Mar 2015 11:27:02 +0000 (12:27 +0100)

committer Adam Dickmeiss <adam@indexdata.dk>

Mon, 9 Mar 2015 11:27:02 +0000 (12:27 +0100)
author Adam Dickmeiss <adam@indexdata.dk>
Mon, 9 Mar 2015 11:27:02 +0000 (12:27 +0100)
committer Adam Dickmeiss <adam@indexdata.dk>
Mon, 9 Mar 2015 11:27:02 +0000 (12:27 +0100)
diff --git a/client/client.c b/client/client.c

index 3f79e7a..30582d3 100644 (file)
--- a/client/client.c
+++ b/client/client.c
@@ -3720,18 +3720,19 @@ static int cmd_format(const char *arg)
  
  static int cmd_elements(const char *arg)
  {
  
  static int cmd_elements(const char *arg)
  {
-    static Z_ElementSetNames esn;
-    static char what[100];
-
-    if (!arg || !*arg)
+    if (elementSetNames)
      {
      {
-        elementSetNames = 0;
-        return 1;
+        xfree(elementSetNames->u.generic);
+        xfree(elementSetNames);
+    }
+    elementSetNames = 0;
+    if (arg && *arg)
+    {
+        elementSetNames = (Z_ElementSetNames *)
+            xmalloc(sizeof(*elementSetNames));
+        elementSetNames->which = Z_ElementSetNames_generic;
+        elementSetNames->u.generic = xstrdup(arg);
      }
      }
-    strcpy(what, arg);
-    esn.which = Z_ElementSetNames_generic;
-    esn.u.generic = what;
-    elementSetNames = &esn;
      return 1;
  }
  
      return 1;
  }
author	Adam Dickmeiss <adam@indexdata.dk>
	Mon, 9 Mar 2015 11:27:02 +0000 (12:27 +0100)
committer	Adam Dickmeiss <adam@indexdata.dk>
	Mon, 9 Mar 2015 11:27:02 +0000 (12:27 +0100)