From: Adam Dickmeiss Date: Mon, 9 Mar 2015 11:27:02 +0000 (+0100) Subject: Fix buffer overflow in cmd_elements YAZ-828 X-Git-Tag: v5.10.2~6 X-Git-Url: http://jsfdemo.indexdata.com/cgi-bin?a=commitdiff_plain;h=0f24d89832c8100312b48b9bf58a5c0eba877f93;p=yaz-moved-to-github.git Fix buffer overflow in cmd_elements YAZ-828 --- diff --git a/client/client.c b/client/client.c index 3f79e7a..30582d3 100644 --- a/client/client.c +++ b/client/client.c @@ -3720,18 +3720,19 @@ static int cmd_format(const char *arg) static int cmd_elements(const char *arg) { - static Z_ElementSetNames esn; - static char what[100]; - - if (!arg || !*arg) + if (elementSetNames) { - elementSetNames = 0; - return 1; + xfree(elementSetNames->u.generic); + xfree(elementSetNames); + } + elementSetNames = 0; + if (arg && *arg) + { + elementSetNames = (Z_ElementSetNames *) + xmalloc(sizeof(*elementSetNames)); + elementSetNames->which = Z_ElementSetNames_generic; + elementSetNames->u.generic = xstrdup(arg); } - strcpy(what, arg); - esn.which = Z_ElementSetNames_generic; - esn.u.generic = what; - elementSetNames = &esn; return 1; }