Gentoo's Bugzilla – Attachment 40686 Details for Bug 65773: app-arch/sharutils - 2 buffer overflows
[patch] ... the patch
sharutils-gentoo.diff (text/plain), 1.92 KB, created by Florian Schilhabel (RETIRED) on 2004-09-29 00:25:30 UTC
>diff -Naur ./sharutils-4.2.1/src/shar.c ./sharutils-4.2.1_new/src/shar.c >--- ./sharutils-4.2.1/src/shar.c 1999-09-10 21:20:41.000000000 +0200 >+++ ./sharutils-4.2.1_new/src/shar.c 2004-09-29 09:06:06.782294248 +0200 >@@ -1571,7 +1571,7 @@ > sprintf (command, "%s '%s'", CHARACTER_COUNT_COMMAND, local_name); > if (pfp = popen (command, "r"), pfp) > { >- char wc[BUFSIZ]; >+ char wc[BUFSIZ], tempform[50]; > const char *prefix = ""; > > if (did_md5) >@@ -1579,8 +1579,8 @@ > fputs (" else\n", output); > prefix = " "; > } >- >- fscanf (pfp, "%s", wc); >+ sprintf (tempform, "%%%ds", BUFSIZ - 1); >+ fscanf (pfp, tempform, wc); > fprintf (output, "\ > %s shar_count=\"`%s '%s'`\"\n\ > %s test %s -eq \"$shar_count\" ||\n\ >diff -Naur ./sharutils-4.2.1/src/unshar.c ./sharutils-4.2.1_new/src/unshar.c >--- ./sharutils-4.2.1/src/unshar.c 1995-11-21 17:22:14.000000000 +0100 >+++ ./sharutils-4.2.1_new/src/unshar.c 2004-09-29 09:06:12.216468128 +0200 >@@ -346,8 +346,8 @@ > { > size_t size_read; > FILE *file; >- char name_buffer[NAME_BUFFER_SIZE]; >- char copy_buffer[NAME_BUFFER_SIZE]; >+ char name_buffer[NAME_BUFFER_SIZE] = {'\0'}; >+ char copy_buffer[NAME_BUFFER_SIZE] = {'\0'}; > int optchar; > > program_name = argv[0]; >@@ -409,14 +409,15 @@ > if (optind < argc) > for (; optind < argc; optind++) > { >- if (argv[optind][0] == '/') >- stpcpy (name_buffer, argv[optind]); >- else >- { >- char *cp = stpcpy (name_buffer, current_directory); >- *cp++ = '/'; >- stpcpy (cp, argv[optind]); >- } >+ if (argv[optind][0] == '/') { >+ strncpy (name_buffer, argv[optind], sizeof(name_buffer)); >+ name_buffer[sizeof(name_buffer)-1] = '\0'; >+ } >+ else { >+ char *cp = (char *)malloc(strlen(name_buffer)+1); >+ *cp++ = '/'; >+ strncpy(cp, argv[optind], sizeof(name_buffer)); >+ } > if (file = fopen (name_buffer, "r"), !file) > error (EXIT_FAILURE, errno, name_buffer); > unarchive_shar_file (name_buffer, file);
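Review bot: in the shar.c hunk at @@ -1579,8, the return value of `fscanf (pfp, tempform, wc)` is still not checked, so when the command opened by popen writes nothing, wc is left uninitialised for whatever reads it next; compare the result against 1 and skip the count check otherwise. The width itself is right (BUFSIZ - 1 characters plus the terminator fits wc[BUFSIZ]), but `tempform[50]` from the @@ -1571,7 hunk is a magic number filled with an unbounded sprintf; `snprintf (tempform, sizeof tempform, "%%%ds", BUFSIZ - 1)` keeps the two in step. The context line `sprintf (command, "%s '%s'", CHARACTER_COUNT_COMMAND, local_name);` is untouched by this patch and is still an unbounded write of a file name into command, so it is worth confirming how command is sized before calling this file done.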
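Review bot: in the unshar.c hunk at @@ -346,8, the `= {'\0'}` initialiser on name_buffer only matters because the @@ -409,14 hunk calls strlen (name_buffer) before anything has been written to it, and nothing visible in the patch reads copy_buffer before it is filled. Once the path construction below writes name_buffer directly, these initialisers are no longer needed for correctness; if they stay as hardening, say so in a comment so they are not mistaken for part of the fix.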
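Review bot: in the unshar.c hunk at @@ -409,14, the new else branch replaces one overflow with another and breaks relative paths. `malloc(strlen(name_buffer)+1)` allocates 1 byte on the first pass (name_buffer is all zeros), `*cp++ = '/'` uses that byte, and `strncpy(cp, argv[optind], sizeof(name_buffer))` then writes a full sizeof(name_buffer) bytes past the end of the allocation, because strncpy pads with NULs up to n regardless of the source length. The branch also never writes name_buffer and no longer uses current_directory, so the following fopen (name_buffer, "r") opens an empty string or the name left over from the previous argument; the malloc result is unchecked and never freed. Build the path in place instead, for example `snprintf (name_buffer, sizeof name_buffer, "%s/%s", current_directory, argv[optind])`, and treat a return value >= sizeof name_buffer as an error. The absolute-path branch has the same truncation concern: strncpy plus forced termination silently shortens an over-long name and opens a different path, so reject names with strlen (argv[optind]) >= sizeof name_buffer rather than truncating.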
Attachments on bug 65773: 40686 | 40702