r706 - trunk/sharutils

jim at linuxfromscratch.org
Wed Dec 1 22:08:47 PST 2004


Author: jim
Date: 2004-12-01 23:08:47 -0700 (Wed, 01 Dec 2004)
New Revision: 706

Added:
   trunk/sharutils/sharutils-4.2.1-vulnerability_fix-1.patch
Log:
Added: sharutils-4.2.1-vulnerability_fix-1.patch

Added: trunk/sharutils/sharutils-4.2.1-vulnerability_fix-1.patch
===================================================================
--- trunk/sharutils/sharutils-4.2.1-vulnerability_fix-1.patch	2004-12-02 06:08:15 UTC (rev 705)
+++ trunk/sharutils/sharutils-4.2.1-vulnerability_fix-1.patch	2004-12-02 06:08:47 UTC (rev 706)
@@ -0,0 +1,20 @@
+Submitted By:            Randy McMurchy <randy_at_linuxfromscratch_dot_org>
+Date:                    2004-11-30
+Initial Package Version: 4.2.1
+Upstream Status:         Not submitted (others have tried but the package
+                         maintainers don't reply)
+Origin:                  http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=909
+Description:             Fixes buffer-overrun vulnerability in the shar utility
+
+diff -Naur sharutils-4.2.1-orig/src/shar.c sharutils-4.2.1/src/shar.c
+--- sharutils-4.2.1-orig/src/shar.c	1999-09-10 19:20:41.000000000 +0000
++++ sharutils-4.2.1/src/shar.c	2004-11-30 18:19:55.938349824 +0000
+@@ -1905,7 +1905,7 @@
+ 	break;
+ 
+       case 'o':
+-	strcpy (output_base_name, optarg);
++	strncpy (output_base_name, optarg, sizeof(output_base_name));
+ 	if (!strchr (output_base_name, '%'))
+ 	  strcat (output_base_name, ".%02d");
+ 	part_number = 0;
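
Review bot: The replacement strncpy call under `case 'o':` can leave output_base_name without a terminating NUL. When optarg is sizeof(output_base_name) bytes or longer, strncpy fills the whole buffer and writes no terminator, so the strchr on the next line reads past the end of the buffer and `strcat (output_base_name, ".%02d")` writes past it. For a shorter argument that nearly fills the buffer, the strcat still appends five characters plus a NUL with no space reserved for them, so the overrun is narrowed rather than removed. Suggest limiting the copy to sizeof(output_base_name) - sizeof(".%02d") bytes and storing '\0' at that index before the strchr, or rejecting an over-long argument with an error. The bound also assumes output_base_name is declared as an array and not a pointer, which this hunk does not show; please confirm against the declaration.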



