]> git.ipfire.org Git - people/pmueller/ipfire-3.x.git/blobdiff - tftp/patches/tftp-hpa-0.49-fortify-strcpy-crash.patch
projects / people / pmueller / ipfire-3.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
tftp: New package.
[people/pmueller/ipfire-3.x.git] / tftp / patches / tftp-hpa-0.49-fortify-strcpy-crash.patch
diff --git a/tftp/patches/tftp-hpa-0.49-fortify-strcpy-crash.patch b/tftp/patches/tftp-hpa-0.49-fortify-strcpy-crash.patch
new file mode 100644 (file)
index 0000000..e9b70d4
--- /dev/null
+++ b/tftp/patches/tftp-hpa-0.49-fortify-strcpy-crash.patch
@@ -0,0 +1,26 @@
+diff -urN tftp-hpa-0.49.orig/tftp/tftp.c tftp-hpa-0.49/tftp/tftp.c
+--- tftp-hpa-0.49.orig/tftp/tftp.c     2008-10-20 18:08:31.000000000 -0400
++++ tftp-hpa-0.49/tftp/tftp.c  2009-08-05 09:47:18.072585848 -0400
+@@ -279,15 +279,16 @@
+             struct tftphdr *tp, const char *mode)
+ {
+     char *cp;
++    size_t len;
+     tp->th_opcode = htons((u_short) request);
+     cp = (char *)&(tp->th_stuff);
+-    strcpy(cp, name);
+-    cp += strlen(name);
+-    *cp++ = '\0';
+-    strcpy(cp, mode);
+-    cp += strlen(mode);
+-    *cp++ = '\0';
++    len = strlen(name) + 1;
++    memcpy(cp, name, len);
++    cp += len;
++    len = strlen(mode) + 1;
++    memcpy(cp, mode, len);
++    cp += len;
+     return (cp - (char *)tp);
+ }
Peter's tree of IPFire 3.x