e1f2fc085e
using of implicitly declared functions was reported to cause segfaults on AMD64 (brought to my attention by Marc Perkel) - added patch which fixes wrong usage of strncpy(3) in unrarlib.c
27 lines
969 B
Diff
27 lines
969 B
Diff
2006-04-24 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
|
|
|
* libclamav/unrarlib.c/stricomp(): terminate the string copied
|
|
with strncpy() explicitly with '\0'. Does not seem to be
|
|
exploitable at the moment due to deeply buried constraints
|
|
(function will be called for buffers with a static size of
|
|
260 only).
|
|
|
|
But it is better to fix it now than to run into problems
|
|
when function is used for other purposes.
|
|
|
|
--- clamav-0.88.1/libclamav/unrarlib.c.strncpy 2005-06-23 22:03:12.000000000 +0200
|
|
+++ clamav-0.88.1/libclamav/unrarlib.c 2006-04-24 23:10:07.000000000 +0200
|
|
@@ -1180,8 +1180,10 @@ int stricomp(char *Str1,char *Str2)
|
|
char S1[512],S2[512];
|
|
char *chptr;
|
|
|
|
- strncpy(S1,Str1,sizeof(S1));
|
|
- strncpy(S2,Str2,sizeof(S2));
|
|
+ strncpy(S1,Str1,sizeof(S1));
|
|
+ strncpy(S2,Str2,sizeof(S2));
|
|
+ S1[sizeof(S1)-1] = '\0';
|
|
+ S2[sizeof(S2)-1] = '\0';
|
|
|
|
while((chptr = strchr(S1, '\\')) != NULL) /* ignore backslash */
|
|
{
|