Description: Defend against buffer overflows when processing arguments
Origin: other
--- koules-1.4.orig/koules.sndsrv.linux.c
+++ koules-1.4/koules.sndsrv.linux.c
@@ -65,10 +65,9 @@
for (i = 0; i < NUM_SOUNDS; i++)
{
s[0] = 0;
- strcat (s, argv[1]);
- if (s[(int) strlen (s) - 1] == '/')
+ if (argv[1][(int) strlen (argv[1]) - 1] == '/')
FILENAME[i]++;
- strcat (s, FILENAME[i]);
+ snprintf(s, sizeof(s), "%s%s", argv[1], FILENAME[i]);
FILENAME[i] = malloc ((int) strlen (s) + 1);
strcpy (FILENAME[i], s);
sound_buffer[i] = NULL;
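Review bot: The new test `argv[1][(int) strlen (argv[1]) - 1]` still reads one byte before the string when argv[1] is empty, the same out-of-bounds read the old `s[...]` form had; take the length once and guard it, `size_t len = strlen (argv[1]);` then `if (len > 0 && argv[1][len - 1] == '/')`. The return value of `snprintf` is discarded, so an over-long directory is silently truncated into a different path that is then copied into FILENAME[i]; compare the result against `sizeof(s)` and treat a negative or too-large value as an error. `sizeof(s)` is the buffer size only if `s` is declared as an array rather than a pointer, and that declaration, any argc check and the rest of the loop are outside this hunk. The unchanged `malloc` result is also passed to `strcpy` without a NULL check.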