Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

fix buffer overflow in exec

  • Loading branch information...
commit 8f1194b696a5feefe39d8c7c4a9385966d95c740 1 parent f3a3eb9
Ilya Strukov authored
Showing with 33 additions and 1 deletion.
  1. +5 −1 exec.inc
  2. +1 −0  stdlib/string.inc
  3. +27 −0 stdlib/string/strncpy.inc
6 exec.inc
View
@@ -9,6 +9,7 @@
;PSP is a Program Segment Prefix
PSP_ERR_MODE equ 002h ;4 is sizeof.term_instr
PSP_CMD_LINE equ 080h
+PSP_CMD_LINE_LEN equ 020h
PSP_CODE_START equ 100h
term_instr:
@@ -32,9 +33,12 @@ exec:
;allocate segment for the program
call malloc
+ push cx
;copy command line into PSP
mov di, PSP_CMD_LINE
- call strcpy
+ mov cx, PSP_CMD_LINE_LEN
+ call strncpy
+ pop cx
mov word[es:PSP_ERR_MODE], DEF_ERR_MODE
1  stdlib/string.inc
View
@@ -8,6 +8,7 @@
include 'memset.inc'
include 'string\strcpy.inc'
+include 'string\strncpy.inc'
include 'string\strcmp.inc'
include 'string\strlen.inc'
include 'string\strtok.inc'
27 stdlib/string/strncpy.inc
View
@@ -0,0 +1,27 @@
+; VictoriaOS: strcpy function
+; Copyright Ilya Strukov, 2008
+
+; This program is free software; you can redistribute it and/or modify
+; it under the terms of the GNU General Public License as published by
+; the Free Software Foundation; either version 2 of the License, or
+; (at your option) any later version.
+
+;================================================
+; #proc string copy
+; #input: ds:si - source, es:di - destination, cx - dest. buffer size
+strncpy:
+ push ax cx si di
+ dec cx
+ cld
+ strncpy_loop:
+ lodsb
+ stosb
+ test al, al
+ jz strncpy_exit
+ loop strncpy_loop
+ xor al, al ;add \0 at the end
+ stosb
+ strncpy_exit:
+ pop di si cx ax
+ ret
+;-- vim: set filetype=fasm:
Please sign in to comment.
Something went wrong with that request. Please try again.