pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/editors/jove/patches PR/54528: greywolf: fix fortify i...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7a0872b7bcfe
branches:  trunk
changeset: 400881:7a0872b7bcfe
user:      christos <christos%pkgsrc.org@localhost>
date:      Fri Sep 06 14:51:42 2019 +0000

description:
PR/54528: greywolf: fix fortify issue with stack overwrites.

diffstat:

 editors/jove/patches/patch-proc.c |  29 +++++++++++++++++++++++++++++
 1 files changed, 29 insertions(+), 0 deletions(-)

diffs (33 lines):

diff -r 72bc744f1e14 -r 7a0872b7bcfe editors/jove/patches/patch-proc.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/jove/patches/patch-proc.c Fri Sep 06 14:51:42 2019 +0000
@@ -0,0 +1,29 @@
+# $NetBSD: patch-proc.c,v 1.1 2019/09/06 14:51:42 christos Exp $
+
+Don't smash the stack by using the same variable for input and output.
+
+--- proc.c     2015-10-15 14:12:25.000000000 -0400
++++ proc.c     2019-09-06 10:20:35.710848362 -0400
+@@ -330,18 +330,19 @@
+ char  *command;
+ {
+       static char     bnm[FILESIZE];
+-      register char   *cp = bnm,
++      char nm[FILESIZE];
++      char    *cp = nm,
+                       c;
+ 
+       do {
+               c = *command++;
+       } while (jiswhite(c));
+-      while (cp < &bnm[sizeof(bnm) - 1] && c != '\0' && !jiswhite(c)) {
++      while (cp < &nm[sizeof(nm) - 1] && c != '\0' && !jiswhite(c)) {
+               *cp++ = c;
+               c = *command++;
+       }
+       *cp = '\0';
+-      strcpy(bnm, jbasename(bnm));
++      strcpy(bnm, jbasename(nm));
+ 
+       return bnm;
+ }



Home | Main Index | Thread Index | Old Index