clausklein / rpms / tftp

Forked from rpms/tftp 5 years ago
Clone
Source Code
GIT

Blame SOURCES/tftp-hpa-0.49-fortify-strcpy-crash.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta
  1.   c8-beta
  2.   SOURCES
  3.   tftp-hpa-0.49-fortify-strcpy-crash.patch
Blob History Raw
c5edeb 
diff -urN tftp-hpa-0.49.orig/tftp/tftp.c tftp-hpa-0.49/tftp/tftp.c
c5edeb 
--- tftp-hpa-0.49.orig/tftp/tftp.c	2008-10-20 18:08:31.000000000 -0400
c5edeb 
+++ tftp-hpa-0.49/tftp/tftp.c	2009-08-05 09:47:18.072585848 -0400
c5edeb 
@@ -279,15 +279,16 @@
c5edeb 
             struct tftphdr *tp, const char *mode)
c5edeb 
 {
c5edeb 
     char *cp;
c5edeb 
+    size_t len;
c5edeb
c5edeb 
     tp->th_opcode = htons((u_short) request);
c5edeb 
     cp = (char *)&(tp->th_stuff);
c5edeb 
-    strcpy(cp, name);
c5edeb 
-    cp += strlen(name);
c5edeb 
-    *cp++ = '\0';
c5edeb 
-    strcpy(cp, mode);
c5edeb 
-    cp += strlen(mode);
c5edeb 
-    *cp++ = '\0';
c5edeb 
+    len = strlen(name) + 1;
c5edeb 
+    memcpy(cp, name, len);
c5edeb 
+    cp += len;
c5edeb 
+    len = strlen(mode) + 1;
c5edeb 
+    memcpy(cp, mode, len);
c5edeb 
+    cp += len;
c5edeb 
     return (cp - (char *)tp);
c5edeb 
 }
c5edeb

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation