clausklein / rpms / tftp

Forked from rpms/tftp 5 years ago
Clone
Source Code
GIT

Blame SOURCES/tftp-hpa-0.49-fortify-strcpy-crash.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta
  1.   c7
  2.   SOURCES
  3.   tftp-hpa-0.49-fortify-strcpy-crash.patch
Blob History Raw
0805be 
diff -urN tftp-hpa-0.49.orig/tftp/tftp.c tftp-hpa-0.49/tftp/tftp.c
0805be 
--- tftp-hpa-0.49.orig/tftp/tftp.c	2008-10-20 18:08:31.000000000 -0400
0805be 
+++ tftp-hpa-0.49/tftp/tftp.c	2009-08-05 09:47:18.072585848 -0400
0805be 
@@ -279,15 +279,16 @@
0805be 
             struct tftphdr *tp, const char *mode)
0805be 
 {
0805be 
     char *cp;
0805be 
+    size_t len;
0805be
0805be 
     tp->th_opcode = htons((u_short) request);
0805be 
     cp = (char *)&(tp->th_stuff);
0805be 
-    strcpy(cp, name);
0805be 
-    cp += strlen(name);
0805be 
-    *cp++ = '\0';
0805be 
-    strcpy(cp, mode);
0805be 
-    cp += strlen(mode);
0805be 
-    *cp++ = '\0';
0805be 
+    len = strlen(name) + 1;
0805be 
+    memcpy(cp, name, len);
0805be 
+    cp += len;
0805be 
+    len = strlen(mode) + 1;
0805be 
+    memcpy(cp, mode, len);
0805be 
+    cp += len;
0805be 
     return (cp - (char *)tp);
0805be 
 }
0805be

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation