clausklein / rpms / tftp

Forked from rpms/tftp 5 years ago
Clone
Source Code
GIT

Blame SOURCES/tftp-hpa-0.49-fortify-strcpy-crash.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta
  1.   c8
  2.   SOURCES
  3.   tftp-hpa-0.49-fortify-strcpy-crash.patch
Blob History Raw
364356 
diff -urN tftp-hpa-0.49.orig/tftp/tftp.c tftp-hpa-0.49/tftp/tftp.c
364356 
--- tftp-hpa-0.49.orig/tftp/tftp.c	2008-10-20 18:08:31.000000000 -0400
364356 
+++ tftp-hpa-0.49/tftp/tftp.c	2009-08-05 09:47:18.072585848 -0400
364356 
@@ -279,15 +279,16 @@
364356 
             struct tftphdr *tp, const char *mode)
364356 
 {
364356 
     char *cp;
364356 
+    size_t len;
364356
364356 
     tp->th_opcode = htons((u_short) request);
364356 
     cp = (char *)&(tp->th_stuff);
364356 
-    strcpy(cp, name);
364356 
-    cp += strlen(name);
364356 
-    *cp++ = '\0';
364356 
-    strcpy(cp, mode);
364356 
-    cp += strlen(mode);
364356 
-    *cp++ = '\0';
364356 
+    len = strlen(name) + 1;
364356 
+    memcpy(cp, name, len);
364356 
+    cp += len;
364356 
+    len = strlen(mode) + 1;
364356 
+    memcpy(cp, mode, len);
364356 
+    cp += len;
364356 
     return (cp - (char *)tp);
364356 
 }
364356

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation