* [PATCH] bzip2recover: Fix buffer overflow for large argv[0].
@ 2019-01-01 0:00 Mark Wielaard
0 siblings, 0 replies; only message in thread
From: Mark Wielaard @ 2019-01-01 0:00 UTC (permalink / raw)
To: bzip2-devel
Cc: Ivana Varekova, Lubomir Kundrak, Jakub Martiško, Mark Wielaard
Hi,
bzip2 lost its domain and got a new home at https://sourceware.org/bzip2/
It also didn't see a release for a very long time. Causing various patches
used by distros to not have been integrated upstream. We are trying to
collect them all and do a new release.
The following patch comes from Fedora.
Please let us know if we missed some others.
Thanks,
Mark
bzip2recover.c (main) copies argv[0] to a statically sized buffer
without checking whether argv[0] might be too big (> 2000 chars).
This patch comes from Fedora and was originally reported at
https://bugzilla.redhat.com/show_bug.cgi?id=226979
---
bzip2recover.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bzip2recover.c b/bzip2recover.c
index 06ac1f5..1a70e04 100644
--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -309,7 +309,8 @@ Int32 main ( Int32 argc, Char** argv )
UInt32 buffHi, buffLo, blockCRC;
Char* p;
- strcpy ( progName, argv[0] );
+ strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
+ progName[BZ_MAX_FILENAME-1]='\0';
inFileName[0] = outFileName[0] = 0;
fprintf ( stderr,
--
1.8.3.1
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-06-23 22:35 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-01 0:00 [PATCH] bzip2recover: Fix buffer overflow for large argv[0] Mark Wielaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).