Author: Martín Ferrari <martin.ferrari@gmail.com> Description: There are a coupĺe of offbyone errors that lead to buffer overflows --- a/perliso9660.swg +++ b/perliso9660.swg @@ -445,7 +445,7 @@ char * name_translate(const char *psz_ol %inline %{ char * name_translate(const char *psz_oldname) { - char *psz_newname=calloc(sizeof(char), strlen(psz_oldname)); + char *psz_newname=calloc(sizeof(char), strlen(psz_oldname)+1); iso9660_name_translate(psz_oldname, psz_newname); return psz_newname; } @@ -470,7 +470,7 @@ char * name_translate_ext(const char *ps %inline %{ char * name_translate_ext(const char *psz_oldname, uint8_t i_joliet_level) { - char *psz_newname=calloc(sizeof(char), strlen(psz_oldname)); + char *psz_newname=calloc(sizeof(char), strlen(psz_oldname)+1); iso9660_name_translate_ext(psz_oldname, psz_newname, i_joliet_level); return psz_newname; }