rpms / clamav

Clone
Source Code
GIT

Files

  1.   64ad03eeaa5a838d233788eed5915493310014cc
  2.   clamav-0.88.1-strncpy.patch
Blob Blame History Raw 
2006-04-24  Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>

	* libclamav/unrarlib.c/stricomp(): terminate the string copied
	  with strncpy() explicitly with '\0'. Does not seem to be
	  exploitable at the moment due to deeply buried constraints
	  (function will be called for buffers with a static size of
	  260 only).

	  But it is better to fix it now than to run into problems
	  when function is used for other purposes.

--- clamav-0.88.1/libclamav/unrarlib.c.strncpy	2005-06-23 22:03:12.000000000 +0200
+++ clamav-0.88.1/libclamav/unrarlib.c	2006-04-24 23:10:07.000000000 +0200
@@ -1180,8 +1180,10 @@ int stricomp(char *Str1,char *Str2)
   char S1[512],S2[512];
   char *chptr;
 
-  strncpy(S1,Str1,sizeof(S1));
-  strncpy(S2,Str2,sizeof(S2));
+  strncpy(S1,Str1,sizeof(S1));
+  strncpy(S2,Str2,sizeof(S2));
+  S1[sizeof(S1)-1] = '\0';
+  S2[sizeof(S2)-1] = '\0';
 
   while((chptr = strchr(S1, '\\')) != NULL) /* ignore backslash             */
   {
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.