1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Description: Fix fortify abort when LTO is enabled
Usually the Strncpy call in tftp_send_error cannot be inlined, but if
LTO is enabled GCC will inline it all the way to a strncpy call. This
call is subject to fortification checks and will always fail because
`th_msg` has zero size.
.
Fix by using memcpy instead. memcpy has weaker fortification rules
for structure members so it won't abort.
.
See: https://sourceware.org/pipermail/libc-alpha/2012-April/028823.html
And: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52944
Author: James Cowgill <jcowgill@debian.org>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/atftp/+bug/1989816
Forwarded: https://sourceforge.net/p/atftp/bugs/14/
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
@@ -168,9 +168,9 @@ int tftp_send_error(int socket, struct s
return ERR;
tftphdr->th_opcode = htons(ERROR);
tftphdr->th_code = htons(err_code);
- Strncpy(tftphdr->th_msg, tftp_errmsg[err_code], buffer_size - 4);
size = 4 + strlen(tftp_errmsg[err_code]) + 1;
+ memcpy(tftphdr->th_msg, tftp_errmsg[err_code], size - 4);
result = sendto(socket, tftphdr, size, 0, (struct sockaddr *)sa,
sizeof(*sa));
|
