Blame SOURCES/cdrkit-1.1.9-buffer_overflow.patch

8c1a2e
diff -ru origin-1.1.9/wodim/scsi_cdr.c master-1.1.9/wodim/scsi_cdr.c
8c1a2e
--- origin-1.1.9/wodim/scsi_cdr.c	2008-02-25 12:14:07.000000000 +0100
8c1a2e
+++ master-1.1.9/wodim/scsi_cdr.c	2009-07-16 12:01:29.000000000 +0200
8c1a2e
@@ -2181,26 +2181,30 @@
8c1a2e
 		if (inq->add_len == 0) {
8c1a2e
 			if (usalp->dev == DEV_UNKNOWN && got_inquiry) {
8c1a2e
 				usalp->dev = DEV_ACB5500;
8c1a2e
-				strcpy(inq->vendor_info,
8c1a2e
-					"ADAPTEC ACB-5500        FAKE");
8c1a2e
+				strncpy(inq->vendor_info, "ADAPTEC ", 8);
8c1a2e
+				strncpy(inq->prod_ident,"ACB-5500        ", 16);
8c1a2e
+				strncpy(inq->prod_revision, "FAKE", 4);
8c1a2e
 
8c1a2e
 			} else switch (usalp->dev) {
8c1a2e
-
8c1a2e
 				case DEV_ACB40X0:
8c1a2e
-					strcpy(inq->vendor_info,
8c1a2e
-							"ADAPTEC ACB-40X0        FAKE");
8c1a2e
+					strncpy(inq->vendor_info, "ADAPTEC ", 8);
8c1a2e
+					strncpy(inq->prod_ident, "ACB-40X0        ",16);
8c1a2e
+					strncpy(inq->prod_revision, "FAKE", 4);
8c1a2e
 					break;
8c1a2e
 				case DEV_ACB4000:
8c1a2e
-					strcpy(inq->vendor_info,
8c1a2e
-							"ADAPTEC ACB-4000        FAKE");
8c1a2e
+					strncpy(inq->vendor_info, "ADAPTEC ",8);
8c1a2e
+					strncpy(inq->prod_ident, "ACB-4000        ",16);
8c1a2e
+					strncpy(inq->prod_revision, "FAKE",4);
8c1a2e
 					break;
8c1a2e
 				case DEV_ACB4010:
8c1a2e
-					strcpy(inq->vendor_info,
8c1a2e
-							"ADAPTEC ACB-4010        FAKE");
8c1a2e
+					strncpy(inq->vendor_info, "ADAPTEC ",8);
8c1a2e
+					strncpy(inq->prod_ident, "ACB-4010        ",16);
8c1a2e
+					strncpy(inq->prod_revision, "FAKE",4);
8c1a2e
 					break;
8c1a2e
 				case DEV_ACB4070:
8c1a2e
-					strcpy(inq->vendor_info,
8c1a2e
-							"ADAPTEC ACB-4070        FAKE");
8c1a2e
+					strncpy(inq->vendor_info,"ADAPTEC ",8);
8c1a2e
+					strncpy(inq->prod_ident, "ACB-4070        ", 16);
8c1a2e
+					strncpy(inq->prod_revision, "FAKE",4 );
8c1a2e
 					break;
8c1a2e
 			}
8c1a2e
 		} else if (inq->add_len < 31) {
8c1a2e
@@ -2230,14 +2234,16 @@
8c1a2e
 
8c1a2e
 	case INQ_SEQD:
8c1a2e
 		if (usalp->dev == DEV_SC4000) {
8c1a2e
-			strcpy(inq->vendor_info,
8c1a2e
-				"SYSGEN  SC4000          FAKE");
8c1a2e
+			strncpy(inq->vendor_info,"SYSGEN  ",8);
8c1a2e
+			strncpy(inq->prod_ident, "SC4000          ",16);
8c1a2e
+			strncpy(inq->prod_revision, "FAKE",4);
8c1a2e
 		} else if (inq->add_len == 0 &&
8c1a2e
 					inq->removable &&
8c1a2e
 						inq->ansi_version == 1) {
8c1a2e
 			usalp->dev = DEV_MT02;
8c1a2e
-			strcpy(inq->vendor_info,
8c1a2e
-				"EMULEX  MT02            FAKE");
8c1a2e
+			strncpy(inq->vendor_info,"EMULEX  ",8);
8c1a2e
+			strncpy(inq->prod_ident, "MT02            ",16);
8c1a2e
+			strncpy(inq->prod_revision, "FAKE",4);
8c1a2e
 		}
8c1a2e
 		break;
8c1a2e