[PATCH 0/4] a couple of fixes to programs/cmd

Eric Pouech eric.pouech at gmail.com
Wed Jan 5 08:55:19 CST 2022


I thought fixing bug #51599 would be quick and simple...
Fixing was quick, but I shouldn't have tried to run the non-regression
tests... which opened a can of worms <g>

patch #2 fixes some error cases on input handling

the can of worms:
it happens that I have a single symlink in my (not pristine) prefix
(well a very very simple one: Z: -> /)
cmd.exe (and attrib.exe) **NEVER** test for buffer overflow when recursing
inside the directory tree structure
(I haven't checked the other utilities yet)

I tested native behavior: depth-recursion stops around MAX_PATH length...
while breadth-recursion continues; and there's no detection of a DAG or of
entering the same directory twice

so patches #3 and #4 are about not recursing when buffer would overflow in
attrib.exe and cmd.exe

Notes:
- not all the places (in cmd) have been fixed by those patches for buffer
  overflow
- there are some places that take care of allocating larger buffers than
  MAX_PATH, hence preventing the recursion from stopping as native does
- with those patches, I still can't successfully run the cmd regression
  test with the symlink in place
  (maybe I need to be more patient than one hour :-(
- regression tests pass on a pristine prefix though

A+

---

Eric Pouech (4):
      programs/cmd: handle white space only lines within ( ) block
      programs/cmd: handle read errors in WCMD_ask_confirm
      programs/attrib: don't overflow internal path buffers
      programs/cmd: don't overflow internal path buffers


 programs/attrib/attrib.c | 10 ++++++----
 programs/cmd/builtins.c  | 25 ++++++++++++++++++-------
 programs/cmd/directory.c |  1 +
 programs/cmd/wcmdmain.c  |  8 ++++++--
 4 files changed, 31 insertions(+), 13 deletions(-)
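
The guard that patches #3 and #4 describe (do not recurse when the path buffer would overflow), as an added example that is not taken from the patches or from Wine's source. All names are hypothetical, PATH_CAP stands in for MAX_PATH, and the directory tree is a constructed in-memory model whose "loop" entry leads back to its parent, like the Z: -> / symlink in the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_CAP 260  /* stands in for MAX_PATH (260 on Windows) */

/* Constructed model: "loop" leads back to its own parent, like Z: -> / */
struct dir { const char *names[2]; const struct dir *kids[2]; };
static const struct dir leaf = { { NULL, NULL }, { NULL, NULL } };
static const struct dir root = { { "loop", "data" }, { &root, &leaf } };

struct walk_stats { unsigned visited, skipped; size_t longest; };

/* Append "\name" only if the result and its NUL fit in PATH_CAP bytes.
   Returns the new length, or 0 when the entry must be skipped. */
static size_t path_push(char *path, size_t len, const char *name)
{
    size_t nlen = strlen(name);
    if (nlen + 1 >= PATH_CAP - len) return 0;  /* len + 1 + nlen + 1 > PATH_CAP */
    path[len] = '\\';
    memcpy(path + len + 1, name, nlen + 1);
    return len + 1 + nlen;
}

static void walk(const struct dir *d, char *path, size_t len, struct walk_stats *st)
{
    st->visited++;
    if (len > st->longest) st->longest = len;
    for (int i = 0; i < 2 && d->names[i]; i++) {
        size_t next = path_push(path, len, d->names[i]);
        if (!next) { st->skipped++; continue; }  /* would overflow: no recursion */
        walk(d->kids[i], path, next, st);
        path[len] = '\0';                        /* back to the parent's path */
    }
}

static struct walk_stats walk_from_root(void)
{
    char path[PATH_CAP] = "Z:";
    struct walk_stats st = { 0, 0, 0 };
    walk(&root, path, 2, &st);
    return st;
}

int main(void)
{
    struct walk_stats st = walk_from_root();
    printf("visited=%u skipped=%u longest=%zu\n", st.visited, st.skipped, st.longest);
    return 0;
}
```

The length check alone bounds the depth of the walk; it does not detect that the same directory is entered repeatedly.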
