File: 07_sprintf-buffer-overflow.patch

package info
acct 6.6.4-10
  • area: main
  • in suites: forky, sid
  • size: 4,488 kB
  • sloc: ansic: 16,081; sh: 11,379; cpp: 290; makefile: 153
file content (21 lines) | stat: -rw-r--r-- 895 bytes
Description: Fix buffer overflow in dev_hash.c
Author: Jan Rybar
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2190057
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2095035
Bug-Debian: https://bugs.debian.org/1108428
Bug: http://savannah.gnu.org/bugs/?67028
Last-Update: 2025-07-06

Index: acct-6.6.4/dev_hash.c
===================================================================
--- acct-6.6.4.orig/dev_hash.c
+++ acct-6.6.4/dev_hash.c
@@ -147,7 +147,7 @@ static void setup_devices(char *dirname)
     {
       char *fullname = (char *) alloca ((strlen (dirname)
                                          + NAMLEN (dp)
-                                         + 1) * sizeof (char));
+                                         + 2) * sizeof (char));  /* slash + null; Fedora BZ#2190057 */
 
       (void)sprintf (fullname, "%s/%s", dirname, dp->d_name);
       if (stat (fullname, &sp))
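
Review bot: The `sprintf (fullname, "%s/%s", dirname, dp->d_name)` call is still unbounded, so the fix holds only while the `+ 2` in the alloca expression stays in step with the format string. Consider computing the size once into a local (`strlen (dirname) + NAMLEN (dp) + 2`) and passing it to `snprintf`, so a later change to the format cannot reintroduce the one-byte overrun. The size is also derived from `NAMLEN (dp)` while the copy reads `dp->d_name` up to its terminator; taking both from the same length would remove that assumption. The in-code comment cites only the Fedora bug, although the patch header also lists the upstream Savannah report, which is the more durable reference for a comment that lives in the source.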