File: 16-buffer-overflows.patch

package info (click to toggle)
unace-nonfree 2.5-9
  • links: PTS, VCS
  • area: non-free
  • in suites: bullseye, buster, trixie
  • size: 1,852 kB
  • ctags: 3,601
  • sloc: ansic: 14,590; makefile: 47; sh: 32; cpp: 21
file content (42 lines) | stat: -rw-r--r-- 1,958 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
Author: Fabian Greffrath <fabian+debian@greffrath.com>
Description: Fix buffer overflows when using long filenames or
 passwords as arguments. Thanks, Antoine Cervoise.
Bug-Debian: https://bugs.debian.org/736929

--- a/source/apps/unace/exe/commline/commline.c
+++ b/source/apps/unace/exe/commline/commline.c
@@ -474,8 +474,10 @@ INT       SwitchNumber,
 
           case APPS_UNACE_EXE_COMMLINE_SWITCH_P:
           {
-            strcpy(BASE_OPTIONS.ExtractOptions.CryptionData.Password,
-                   Switch + 1);
+            const size_t size = sizeof(BASE_OPTIONS.ExtractOptions.CryptionData.Password) - 1;
+            strncpy(BASE_OPTIONS.ExtractOptions.CryptionData.Password,
+                    Switch + 1, size);
+            BASE_OPTIONS.ExtractOptions.CryptionData.Password[size] = 0;
 
             BASE_CRYPT.DoUseCurrentPassword = 1;
 
@@ -539,8 +541,10 @@ PCHAR     PointPos;
   {
     if (APPS_EXE_COMMLINE.ArgumentCount < APPS_EXE_COMMLINE.ArgumentsNumber)
     {
-      strcpy(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
-             APPS_EXE_COMMLINE.Arguments[APPS_EXE_COMMLINE.ArgumentCount++]);
+      const size_t size = sizeof(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) - 1;
+      strncpy(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
+              APPS_EXE_COMMLINE.Arguments[APPS_EXE_COMMLINE.ArgumentCount++], size);
+      APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName[size] = 0;
 
       BASE_PATHFUNC_ToSystemPathSeparator(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName);
 
@@ -555,6 +559,8 @@ PCHAR     PointPos;
               && !BASE_CONVERT_StrICmp(PointPos, ".ace")
               && !BASE_CONVERT_StrICmp(PointPos, ".exe")))
       {
+        if (size - strlen(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) >=
+            strlen(BASE_ACESTRUC_EXTENSION))
         strcat(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
                BASE_ACESTRUC_EXTENSION);
       }