Module Name: pkgsrc
Committed By: christos
Date: Fri Sep 6 14:51:42 UTC 2019
Added Files:
pkgsrc/editors/jove/patches: patch-proc.c
Log Message:
PR/54528: greywolf: fix fortify issue with stack overwrites.
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/editors/jove/patches/patch-proc.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files:
Index: pkgsrc/editors/jove/patches/patch-proc.c
diff -u /dev/null pkgsrc/editors/jove/patches/patch-proc.c:1.1
--- /dev/null Fri Sep 6 10:51:42 2019
+++ pkgsrc/editors/jove/patches/patch-proc.c Fri Sep 6 10:51:42 2019
@@ -0,0 +1,29 @@
+# $NetBSD: patch-proc.c,v 1.1 2019/09/06 14:51:42 christos Exp $
+
+Don't smash the stack by using the same variable for input and output.
+
+--- proc.c 2015-10-15 14:12:25.000000000 -0400
++++ proc.c 2019-09-06 10:20:35.710848362 -0400
+@@ -330,18 +330,19 @@
+ char *command;
+ {
+ static char bnm[FILESIZE];
+- register char *cp = bnm,
++ char nm[FILESIZE];
++ char *cp = nm,
+ c;
+
+ do {
+ c = *command++;
+ } while (jiswhite(c));
+- while (cp < &bnm[sizeof(bnm) - 1] && c != '\0' && !jiswhite(c)) {
++ while (cp < &nm[sizeof(nm) - 1] && c != '\0' && !jiswhite(c)) {
+ *cp++ = c;
+ c = *command++;
+ }
+ *cp = '\0';
+- strcpy(bnm, jbasename(bnm));
++ strcpy(bnm, jbasename(nm));
+
+ return bnm;
+ }