[packages/libPropList] - compilation fix - note that a buffer overflow is still possible
witekfl
witekfl at pld-linux.org
Tue Jan 14 10:45:50 CET 2014
commit 345dde5f2301d604efa57a70f382c6690294442f
Author: Witold Filipczyk <witekfl at poczta.onet.pl>
Date: Tue Jan 14 10:44:12 2014 +0100
- compilation fix
- note that a buffer overflow is still possible
format-security.patch | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
---
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..f78e5be
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,22 @@
+--- libPropList-0.10.1/util.c.orig 2014-01-14 10:40:09.183601243 +0100
++++ libPropList-0.10.1/util.c 2014-01-14 10:41:31.031533654 +0100
+@@ -213,15 +213,15 @@ char *MakeDefaultsFilename()
+ sprintf(actual_filename, "%s/GNUstep", env);
+ }
+ else
+- sprintf(actual_filename, env);
++ strcpy(actual_filename, env);
+
+- sprintf(&(actual_filename[strlen(actual_filename)]), "/");
++ strcpy(&(actual_filename[strlen(actual_filename)]), "/");
+
+ env = (char *)getenv("GNUSTEP_DEFAULTS_FILE");
+ if(!env)
+- sprintf(&(actual_filename[strlen(actual_filename)]), "Defaults");
++ strcpy(&(actual_filename[strlen(actual_filename)]), "Defaults");
+ else
+- sprintf(&(actual_filename[strlen(actual_filename)]), env);
++ strcpy(&(actual_filename[strlen(actual_filename)]), env);
+
+ return ManglePath(actual_filename);
+ }
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/libPropList.git/commitdiff/1591259722be37ae41e52c834f09d16800589278
More information about the pld-cvs-commit
mailing list