Add stricter checks for netnames.

[tinc] / src / script.c

diff --git a/src/script.c b/src/script.c
index 5ca5673..d4db889 100644 (file)
--- a/src/script.c
+++ b/src/script.c
@@ -64,7 +64,6 @@ static void unputenv(const char *p) {}
 #endif
 
 bool execute_script(const char *name, char **envp) {
-#ifdef HAVE_SYSTEM
        char scriptname[PATH_MAX];
        char *command;
 
@@ -75,9 +74,11 @@ bool execute_script(const char *name, char **envp) {
 #ifdef HAVE_MINGW
        if(!*scriptextension) {
                const char *pathext = getenv("PATHEXT") ?: ".COM;.EXE;.BAT;.CMD";
-               char fullname[strlen(scriptname) + strlen(pathext)];
-               char *ext = fullname + strlen(scriptname);
-               strcpy(fullname, scriptname);
+               size_t pathlen = strlen(pathext);
+               size_t scriptlen = strlen(scriptname);
+               char fullname[scriptlen + pathlen + 1];
+               char *ext = fullname + scriptlen;
+               strncpy(fullname, scriptname, sizeof fullname);
 
                const char *p = pathext;
                bool found = false;
@@ -88,7 +89,7 @@ bool execute_script(const char *name, char **envp) {
                                ext[q - p] = 0;
                                q++;
                        } else {
-                               strcpy(ext, p);
+                               strncpy(ext, p, pathlen + 1);
                        }
                        if((found = !access(fullname, F_OK)))
                                break;
@@ -144,6 +145,6 @@ bool execute_script(const char *name, char **envp) {
                logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "system", strerror(errno));
                return false;
        }
-#endif
+
        return true;
 }