From 0f24d89832c8100312b48b9bf58a5c0eba877f93 Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss <adam@indexdata.dk>
Date: Mon, 9 Mar 2015 12:27:02 +0100
Subject: [PATCH 1/1] Fix buffer overflow in cmd_elements YAZ-828

---
 client/client.c |   21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/client/client.c b/client/client.c
index 3f79e7a..30582d3 100644
--- a/client/client.c
+++ b/client/client.c
@@ -3720,18 +3720,19 @@ static int cmd_format(const char *arg)
 
 static int cmd_elements(const char *arg)
 {
-    static Z_ElementSetNames esn;
-    static char what[100];
-
-    if (!arg || !*arg)
+    if (elementSetNames)
     {
-        elementSetNames = 0;
-        return 1;
+        xfree(elementSetNames->u.generic);
+        xfree(elementSetNames);
+    }
+    elementSetNames = 0;
+    if (arg && *arg)
+    {
+        elementSetNames = (Z_ElementSetNames *)
+            xmalloc(sizeof(*elementSetNames));
+        elementSetNames->which = Z_ElementSetNames_generic;
+        elementSetNames->u.generic = xstrdup(arg);
     }
-    strcpy(what, arg);
-    esn.which = Z_ElementSetNames_generic;
-    esn.u.generic = what;
-    elementSetNames = &esn;
     return 1;
 }
 
-- 
1.7.10.4