From 0f24d89832c8100312b48b9bf58a5c0eba877f93 Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Mon, 9 Mar 2015 12:27:02 +0100 Subject: [PATCH] Fix buffer overflow in cmd_elements YAZ-828 --- client/client.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/client/client.c b/client/client.c index 3f79e7a..30582d3 100644 --- a/client/client.c +++ b/client/client.c @@ -3720,18 +3720,19 @@ static int cmd_format(const char *arg) static int cmd_elements(const char *arg) { - static Z_ElementSetNames esn; - static char what[100]; - - if (!arg || !*arg) + if (elementSetNames) { - elementSetNames = 0; - return 1; + xfree(elementSetNames->u.generic); + xfree(elementSetNames); + } + elementSetNames = 0; + if (arg && *arg) + { + elementSetNames = (Z_ElementSetNames *) + xmalloc(sizeof(*elementSetNames)); + elementSetNames->which = Z_ElementSetNames_generic; + elementSetNames->u.generic = xstrdup(arg); } - strcpy(what, arg); - esn.which = Z_ElementSetNames_generic; - esn.u.generic = what; - elementSetNames = &esn; return 1; } -- 1.7.10.4