git Service des IN-Ulm e.V. Erkunden Hilfe
Anmelden
cbiedl
/
file
1
0
Fork 0
Dateien Pull-Requests 0 Wiki
Struktur: 40aa54aa4f
Branches Tags
file
/
debian
/
patches
/
cherry-pick.FILE5_41-68-g497aabb2.PR-310-p870613-Don-t-use-strlcpy-to-copy-the-string-.patch

cherry-pick.FILE5_41-68-g497aabb2.PR-310-p870613-Don-t-use-strlcpy-to-copy-the-string-.patch 918 B
Verlauf Originalformat

12345678910111213141516171819202122232425262728293031 
  1. From: Christos Zoulas <christos@zoulas.com>
    2. 

  2. Date: Mon, 14 Feb 2022 16:26:10 +0000
    3. 

  3. Subject: PR/310: p870613: Don't use strlcpy to copy the string, it will try to
    4. 

  4.  scan the source string to find out how much space is needed the source string
    5. 

  5.  might not be NUL terminated.
    6. 

  6. Origin: https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502
    7. 

  7. Bug: https://bugs.astron.com/view.php?id=310
    8. 

  8. Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-48554
    9. 

  9. 

  10. ---
    11. 

  11.  src/funcs.c | 11 +++++++----
    12. 

  12.  1 file changed, 7 insertions(+), 4 deletions(-)
    13. 

  13. 

  14. --- a/src/funcs.c
    15. 

  15. +++ b/src/funcs.c
    16. 

  16. @@ -51,9 +51,12 @@
    17. 

  17.  protected char *
    18. 

  18.  file_copystr(char *buf, size_t blen, size_t width, const char *str)
    19. 

  19.  {
    20. 

  20. -	if (++width > blen)
    21. 

  21. -		width = blen;
    22. 

  22. -	strlcpy(buf, str, width);
    23. 

  23. +	if (blen == 0)
    24. 

  24. +		return buf;
    25. 

  25. +	if (width >= blen)
    26. 

  26. +		width = blen - 1;
    27. 

  27. +	memcpy(buf, str, width);
    28. 

  28. +	buf[width] = '\0';
    29. 

  29.  	return buf;
    30. 

  30.  }
    31. 

  31.  
    32.