File: 1-fix-bufferovs

package info (click to toggle)
gnuserv 3.12.8-12
  • links: PTS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 832 kB
  • sloc: ansic: 5,138; lisp: 1,572; makefile: 419; sh: 268
file content (23 lines) | stat: -rw-r--r-- 686 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
Author: Mike O'Connor <stew@vireo.org>
Subject: fix buffer overflows

--- a/gnuserv.c
+++ b/gnuserv.c
@@ -138,7 +138,7 @@ void
 ipc_init (struct msgbuf **msgpp)
 {
   key_t key;			/* messge key */
-  char buf[GSERV_BUFSZ];	/* pathname for key */
+  char buf[GSERV_BUFSZ+1];	/* pathname for key */
 
   sprintf (buf,"%s/gsrv%d",tmpdir,(int)geteuid ());
   creat (buf,0600);
@@ -175,7 +175,7 @@ void
 handle_ipc_request (struct msgbuf *msgp)
 {
   struct msqid_ds msg_st;	/* message status */
-  char buf[GSERV_BUFSZ];
+  char buf[GSERV_BUFSZ+1];
   int len;			/* length of message / read */
   int s, result_len;            /* tag fields on the response from emacs */
   int offset = 0;