From 8e4e53f4b9c968928ab5ff0e19b12971d870377e Mon Sep 17 00:00:00 2001
From: Jon Trulson <jon@radscan.com>
Date: Sat, 26 May 2012 18:14:58 -0600
Subject: [PATCH] FileUtils.c: fix CERT VU#575804

---
 cde/lib/DtHelp/FileUtils.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/cde/lib/DtHelp/FileUtils.c b/cde/lib/DtHelp/FileUtils.c
index fde078e1..371948d2 100644
--- a/cde/lib/DtHelp/FileUtils.c
+++ b/cde/lib/DtHelp/FileUtils.c
@@ -453,8 +453,9 @@ char * _DtHelpFileLocate (
        /*** this is monstrously inefficient--but it shouldn't get called often ***/
 
        /* get user's current working directory */
-       if (getcwd(tmpPath, MAXPATHLEN) == NULL) return NULL; /* RETURN: error */
-
+       /* JET - CERT VU#575804 */
+       if (getcwd(tmpPath, MAXPATHLEN - 1) == NULL) return NULL; /* RETURN: error */
+       
        /* make path end in a slash */
        eos = tmpPath + strlen(tmpPath);
        _DtHelpCeStrrchr(tmpPath,DirSlashStr,MB_CUR_MAX,&slash);
@@ -530,7 +531,9 @@ char * _DtHelpFileLocate (
 	      *ptr = EOS;
 
           /* compress that path */
-          strcpy(tmpPath,curPath);
+          /* JET - CERT VU#575804 */
+          strncpy(tmpPath, curPath, MAXPATHLEN);
+
           _DtHelpCeCompressPathname(tmpPath);
 
           /* test all suffixes */
-- 
2.25.1