
stack-based buffer over-read in file_copystr in funcs.c (CVE-2022-48554)

Salvatore Bonaccorso 9 months ago
parent
commit
855a1c499d

+ 31 - 0
debian/patches/cherry-pick.FILE5_41-68-g497aabb2.PR-310-p870613-Don-t-use-strlcpy-to-copy-the-string-.patch

@@ -0,0 +1,31 @@
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 14 Feb 2022 16:26:10 +0000
+Subject: PR/310: p870613: Don't use strlcpy to copy the string, it will try to
+ scan the source string to find out how much space is needed the source string
+ might not be NUL terminated.
+Origin: https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502
+Bug: https://bugs.astron.com/view.php?id=310
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-48554
+
+---
+ src/funcs.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -51,9 +51,12 @@
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+-	if (++width > blen)
+-		width = blen;
+-	strlcpy(buf, str, width);
++	if (blen == 0)
++		return buf;
++	if (width >= blen)
++		width = blen - 1;
++	memcpy(buf, str, width);
++	buf[width] = '\0';
+ 	return buf;
+ }
+ 
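Review bot: The new `memcpy(buf, str, width)` reads exactly `width` bytes from `str` whether or not a NUL occurs earlier, so the fix replaces strlcpy's scan past the end of `str` with an unstated precondition that the caller supplies at least `width` readable bytes; that contract should be written above the definition, e.g. `/* str need not be NUL-terminated but must have at least width readable bytes; copies at most blen - 1 of them and always NUL-terminates buf. */`. Whether file_copystr's callers guarantee this cannot be confirmed from this hunk, since its declaration and call sites lie outside the patch. Bytes after an embedded NUL in `str` are now copied too; this is harmless for C-string consumers because `buf[width]` is always terminated, but it is a behavioural difference from strlcpy worth a sentence in the same comment.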

+ 1 - 0
debian/patches/series

@@ -2,6 +2,7 @@
 
 # cherry-picked commits. Keep in upstream's chronological order
 cherry-pick.FILE5_39-9-g85b7ab83.include-alternate-format-to-the-list-of-uninteresting-formats.patch
+cherry-pick.FILE5_41-68-g497aabb2.PR-310-p870613-Don-t-use-strlcpy-to-copy-the-string-.patch
 
 # patches that should go upstream
 upstream.disable.att3b.patch