Fix buffer overflow in cmd_elements YAZ-828
authorAdam Dickmeiss <adam@indexdata.dk>
Mon, 9 Mar 2015 11:27:02 +0000 (12:27 +0100)
committerAdam Dickmeiss <adam@indexdata.dk>
Mon, 9 Mar 2015 11:27:02 +0000 (12:27 +0100)
client/client.c

index 3f79e7a..30582d3 100644 (file)
@@ -3720,18 +3720,19 @@ static int cmd_format(const char *arg)
 
 static int cmd_elements(const char *arg)
 {
-    static Z_ElementSetNames esn;
-    static char what[100];
-
-    if (!arg || !*arg)
+    if (elementSetNames)
     {
-        elementSetNames = 0;
-        return 1;
+        xfree(elementSetNames->u.generic);
+        xfree(elementSetNames);
+    }
+    elementSetNames = 0;
+    if (arg && *arg)
+    {
+        elementSetNames = (Z_ElementSetNames *)
+            xmalloc(sizeof(*elementSetNames));
+        elementSetNames->which = Z_ElementSetNames_generic;
+        elementSetNames->u.generic = xstrdup(arg);
     }
-    strcpy(what, arg);
-    esn.which = Z_ElementSetNames_generic;
-    esn.u.generic = what;
-    elementSetNames = &esn;
     return 1;
 }
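Review bot: The new release path at the top of cmd_elements calls `xfree(elementSetNames->u.generic)` on any non-null `elementSetNames`, which is only safe if this function is the sole writer of that global and the generic arm of the union is always the one set. Other assignment sites are not visible in this hunk, so confirm that none of them points the global at static or ODR-owned memory; guarding the inner free with `if (elementSetNames->which == Z_ElementSetNames_generic)` would make the assumption explicit. I would also add a comment at the free, `/* elementSetNames and its u.generic string are heap-owned (xmalloc/xstrdup) and released only here */`, so later changes do not reintroduce a borrowed pointer. Any request structure that still holds the old pointer when the command is issued again would now dangle, which the previous static storage could not cause, so check callers that copy the pointer rather than reading the global at encode time.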