Fix buffer overflow in cmd_elements YAZ-828

diff --git a/client/client.c b/client/client.c
index 3f79e7a..30582d3 100644 (file)
--- a/client/client.c
+++ b/client/client.c
@@ -3720,18 +3720,19 @@ static int cmd_format(const char *arg)
 
 static int cmd_elements(const char *arg)
 {
-    static Z_ElementSetNames esn;
-    static char what[100];
-
-    if (!arg || !*arg)
+    if (elementSetNames)
     {
-        elementSetNames = 0;
-        return 1;
+        xfree(elementSetNames->u.generic);
+        xfree(elementSetNames);
+    }
+    elementSetNames = 0;
+    if (arg && *arg)
+    {
+        elementSetNames = (Z_ElementSetNames *)
+            xmalloc(sizeof(*elementSetNames));
+        elementSetNames->which = Z_ElementSetNames_generic;
+        elementSetNames->u.generic = xstrdup(arg);
     }
-    strcpy(what, arg);
-    esn.which = Z_ElementSetNames_generic;
-    esn.u.generic = what;
-    elementSetNames = &esn;
     return 1;
 }