git Service のサービス IN-Ulm e.V. エクスプローラ ヘルプ
サインイン
cbiedl
/
file
1
0
フォーク 0
ファイル プルリクエスト 0 Wiki
ツリー: 40aa54aa4f
ブランチ タグ
file
/
debian
/
patches
/
cherry-pick.FILE5_41-68-g497aabb2.PR-310-p870613-Don-t-use-strlcpy-to-copy-the-string-.patch

cherry-pick.FILE5_41-68-g497aabb2.PR-310-p870613-Don-t-use-strlcpy-to-copy-the-string-.patch 918 B
履歴 Raw

12345678910111213141516171819202122232425262728293031 
  1. From: Christos Zoulas <christos@zoulas.com>
    2. 

  2. Date: Mon, 14 Feb 2022 16:26:10 +0000
    3. 

  3. Subject: PR/310: p870613: Don't use strlcpy to copy the string, it will try to
    4. 

  4.  scan the source string to find out how much space is needed the source string
    5. 

  5.  might not be NUL terminated.
    6. 

  6. Origin: https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502
    7. 

  7. Bug: https://bugs.astron.com/view.php?id=310
    8. 

  8. Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-48554
    9. 

  9. 

  10. ---
    11. 

  11.  src/funcs.c | 11 +++++++----
    12. 

  12.  1 file changed, 7 insertions(+), 4 deletions(-)
    13. 

  13. 

  14. --- a/src/funcs.c
    15. 

  15. +++ b/src/funcs.c
    16. 

  16. @@ -51,9 +51,12 @@
    17. 

  17.  protected char *
    18. 

  18.  file_copystr(char *buf, size_t blen, size_t width, const char *str)
    19. 

  19.  {
    20. 

  20. -	if (++width > blen)
    21. 

  21. -		width = blen;
    22. 

  22. -	strlcpy(buf, str, width);
    23. 

  23. +	if (blen == 0)
    24. 

  24. +		return buf;
    25. 

  25. +	if (width >= blen)
    26. 

  26. +		width = blen - 1;
    27. 

  27. +	memcpy(buf, str, width);
    28. 

  28. +	buf[width] = '\0';
    29. 

  29.  	return buf;
    30. 

  30.  }
    31. 

  31.  
    32.