void-packages/srcpkgs/hfsprogs/patches/fix-potential-buffer-overfl...

38 lines
1.2 KiB
Diff

Source: pullmoll
Upstream: no (feel free to suggest)
Reason: use snprintf to avoid potential buffer overruns and fix mis-typed != compare
--- a/fsck_hfs.tproj/utilities.c
+++ b/fsck_hfs.tproj/utilities.c
@@ -221,14 +221,12 @@
if ((dp = strrchr(name, '/')) == 0)
return (0);
*dp = 0;
- (void)strncpy(rawbuf, name, sizeof(rawbuf));
- *dp = '/';
#if LINUX
- (void)strncat(rawbuf, "/", sizeof(rawbuf));
+ snprintf(rawbuf, sizeof(rawbuf), "%s/%s", name, dp + 1);
#else
- (void)strncat(rawbuf, "/r", sizeof(rawbuf));
+ snprintf(rawbuf, sizeof(rawbuf), "%s/r%s", name, dp + 1);
#endif
- (void)strncat(rawbuf, &dp[1], sizeof(rawbuf));
+ *dp = '/';
return (rawbuf);
}
--- a/fsck_hfs.tproj/dfalib/SControl.c
+++ b/fsck_hfs.tproj/dfalib/SControl.c
@@ -321,9 +321,7 @@
dataArea.DrvNum = fsReadRef;
dataArea.liveVerifyState = liveMode;
dataArea.scanCount = scanCount;
- if (strncpy(dataArea.deviceNode, rdevnode, sizeof(dataArea.deviceNode)) != strlen(rdevnode)) {
- dataArea.deviceNode[0] = '\0';
- }
+ snprintf(dataArea.deviceNode, sizeof(dataArea.deviceNode), "%s", rdevnode);
/* there are cases where we cannot get the name of the volume so we */
/* set our default name to one blank */