Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 594444

Summary: app-text/recode-3.6_p20-r1: possible buffer overflow when the input filename is too long
Product: Gentoo Linux Reporter: Coacher <itumaykin+gentoo>
Component: Current packagesAssignee: Gentoo Shell Tools project <shell-tools>
Status: RESOLVED NEEDINFO    
Severity: normal CC: security
Priority: Normal Keywords: PATCH
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/pinard/Recode/pull/3
Whiteboard:
Package list:
Runtime testing required: ---

Description Coacher 2016-09-20 00:41:31 UTC 
Hello.

Source code says:

char output_name[200]; /* FIXME: dangerous limit */
[...]
input_name = argv[optind];
[...]
strcpy (output_name, input_name);

This can't be good. Gentoo patchset doesn't cover this.

Please fix.