From: James Jones <jejones3141@gmail.com>
Date: Fri, 23 Sep 2022 11:45:35 +0000 (-0500)
Subject: Make sure we don't overrun implib_file (CID #1504299) (#4739)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c682ec8cae44abf60b17c7b23ef475328694d38;p=thirdparty%2Ffreeradius-server.git

Make sure we don't overrun implib_file (CID #1504299) (#4739)

def_file wasn't the only fixed-size buffer in jlibtool.
---

diff --git a/scripts/jlibtool.c b/scripts/jlibtool.c
index 0303044dafe..6b93a1e1375 100644
--- a/scripts/jlibtool.c
+++ b/scripts/jlibtool.c
@@ -2250,6 +2250,7 @@ static void generate_def_file(command_t *cmd)
 	int num_export_args = 0;
 	char *cmd_str;
 	int cmd_size = 0;
+	int imp_len;
 
 
 	if (cmd->output_name) {
@@ -2304,14 +2305,25 @@ static void generate_def_file(command_t *cmd)
 			export_args[num_export_args++] = target->def2implib_cmd;
 			export_args[num_export_args++] = "-o";
 
+			imp_len = strlen(cmd->basename) + 7;
+			if (imp_len > sizeof(implib_file)) {
+			imp_too_long:
+				ERROR("imp file name too long, out of buffer space\n");
+				return;
+			}
+
 			strcpy(implib_file, ".libs/");
 			strcat(implib_file, cmd->basename);
-			ext = strrchr(implib_file, '.');
 
+			ext = strrchr(implib_file, '.');
 			if (ext) {
 				*ext = '\0';
+				imp_len = ext - implib_file + 1;
 			}
 
+			imp_len += strlen(target->static_lib_ext) + 1;
+			if (imp_len > sizeof(implib_file)) goto imp_too_long;
+
 			strcat(implib_file, ".");
 			strcat(implib_file, target->static_lib_ext);