From: Christos Zoulas Date: Mon, 14 Feb 2022 16:26:10 +0000 Subject: PR/310: p870613: Don't use strlcpy to copy the string, it will try to scan the source string to find out how much space is needed the source string might not be NUL terminated. Origin: https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 Bug: https://bugs.astron.com/view.php?id=310 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-48554 --- src/funcs.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/src/funcs.c +++ b/src/funcs.c @@ -51,9 +51,12 @@ protected char * file_copystr(char *buf, size_t blen, size_t width, const char *str) { - if (++width > blen) - width = blen; - strlcpy(buf, str, width); + if (blen == 0) + return buf; + if (width >= blen) + width = blen - 1; + memcpy(buf, str, width); + buf[width] = '\0'; return buf; }