clausklein / rpms / tftp

Forked from rpms/tftp 5 years ago
Clone

Blame SOURCES/tftp-hpa-0.49-fortify-strcpy-crash.patch

10665a
diff -urN tftp-hpa-0.49.orig/tftp/tftp.c tftp-hpa-0.49/tftp/tftp.c
10665a
--- tftp-hpa-0.49.orig/tftp/tftp.c	2008-10-20 18:08:31.000000000 -0400
10665a
+++ tftp-hpa-0.49/tftp/tftp.c	2009-08-05 09:47:18.072585848 -0400
10665a
@@ -279,15 +279,16 @@
10665a
             struct tftphdr *tp, const char *mode)
10665a
 {
10665a
     char *cp;
10665a
+    size_t len;
10665a
 
10665a
     tp->th_opcode = htons((u_short) request);
10665a
     cp = (char *)&(tp->th_stuff);
10665a
-    strcpy(cp, name);
10665a
-    cp += strlen(name);
10665a
-    *cp++ = '\0';
10665a
-    strcpy(cp, mode);
10665a
-    cp += strlen(mode);
10665a
-    *cp++ = '\0';
10665a
+    len = strlen(name) + 1;
10665a
+    memcpy(cp, name, len);
10665a
+    cp += len;
10665a
+    len = strlen(mode) + 1;
10665a
+    memcpy(cp, mode, len);
10665a
+    cp += len;
10665a
     return (cp - (char *)tp);
10665a
 }
10665a