[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] bzip2recover: Fix buffer overflow for large argv.
bzip2 lost its domain and got a new home at https://sourceware.org/bzip2/
It also didn't see a release for a very long time. Causing various patches
used by distros to not have been integrated upstream. We are trying to
collect them all and do a new release.
The following patch comes from Fedora.
Please let us know if we missed some others.
bzip2recover.c (main) copies argv to a statically sized buffer
without checking whether argv might be too big (> 2000 chars).
This patch comes from Fedora and was originally reported at
bzip2recover.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bzip2recover.c b/bzip2recover.c
index 06ac1f5..1a70e04 100644
@@ -309,7 +309,8 @@ Int32 main ( Int32 argc, Char** argv )
UInt32 buffHi, buffLo, blockCRC;
- strcpy ( progName, argv );
+ strncpy ( progName, argv, BZ_MAX_FILENAME-1);
inFileName = outFileName = 0;
fprintf ( stderr,