Author: Fabian Greffrath <fabian+debian@greffrath.com>
Description: Fix buffer overflows when using long filenames or
passwords as arguments. Thanks, Antoine Cervoise.
Bug-Debian: https://bugs.debian.org/736929
--- a/source/apps/unace/exe/commline/commline.c
+++ b/source/apps/unace/exe/commline/commline.c
@@ -474,8 +474,10 @@ INT SwitchNumber,
case APPS_UNACE_EXE_COMMLINE_SWITCH_P:
{
- strcpy(BASE_OPTIONS.ExtractOptions.CryptionData.Password,
- Switch + 1);
+ const size_t size = sizeof(BASE_OPTIONS.ExtractOptions.CryptionData.Password) - 1;
+ strncpy(BASE_OPTIONS.ExtractOptions.CryptionData.Password,
+ Switch + 1, size);
+ BASE_OPTIONS.ExtractOptions.CryptionData.Password[size] = 0;
BASE_CRYPT.DoUseCurrentPassword = 1;
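Review bot: An over-long password argument is now silently cut to `size` bytes by the `strncpy` call, so extraction continues with a password that differs from the one supplied and would presumably fail later with a misleading wrong-password result. The same silent truncation applies to `WildcardedArchiveName` in the next hunk, where a shortened path could refer to a different file than the one the user named. Rejecting the argument is safer than truncating it: test `if (strlen(Switch + 1) > size)` before the copy and return an error to the caller. The `sizeof(...) - 1` bound is only correct if `Password` is an array member and not a pointer, which the hunk does not show. The enclosing switch and function start and end outside the hunk.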
@@ -539,8 +541,10 @@ PCHAR PointPos;
{
if (APPS_EXE_COMMLINE.ArgumentCount < APPS_EXE_COMMLINE.ArgumentsNumber)
{
- strcpy(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
- APPS_EXE_COMMLINE.Arguments[APPS_EXE_COMMLINE.ArgumentCount++]);
+ const size_t size = sizeof(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) - 1;
+ strncpy(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
+ APPS_EXE_COMMLINE.Arguments[APPS_EXE_COMMLINE.ArgumentCount++], size);
+ APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName[size] = 0;
BASE_PATHFUNC_ToSystemPathSeparator(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName);
@@ -555,6 +559,8 @@ PCHAR PointPos;
&& !BASE_CONVERT_StrICmp(PointPos, ".ace")
&& !BASE_CONVERT_StrICmp(PointPos, ".exe")))
{
+ if (size - strlen(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) >=
+ strlen(BASE_ACESTRUC_EXTENSION))
strcat(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
BASE_ACESTRUC_EXTENSION);
}
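Review bot: The added guard `if (size - strlen(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) >= strlen(BASE_ACESTRUC_EXTENSION))` reuses the `size` declared in the previous hunk, so it relies on that declaration still being in scope here and on the buffer having been terminated within `size`; otherwise the unsigned subtraction would wrap and the check would pass. Computing the bound next to the check, for example `const size_t room = sizeof(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) - 1;`, would make the guard self-contained. The `if` is unbraced over a two-line `strcat` call, and braces would keep a later edit from detaching the guard from the call. When the extension does not fit, the code carries on with a name that lacks it and reports nothing. The enclosing block starts outside the hunk.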