#! /bin/sh -e ## 03_newpatch.dpatch by James Troup <james@nocrew.org> ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Fix unsafe str{cat,cpy} usage. if [ $# -ne 1 ]; then echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" exit 1 fi case "$1" in -patch) patch -f --no-backup-if-mismatch -p1 < $0;; -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; *) echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" exit 1;; esac exit 0 diff -urNad 03.xloadimage.tmp/config.c 03.xloadimage/config.c --- 03.xloadimage.tmp/config.c 2003-04-02 19:16:50.000000000 +0100 +++ 03.xloadimage/config.c 2003-04-02 19:16:44.000000000 +0100 @@ -256,7 +256,8 @@ } break; case parse_filter_name: /* name of filter program */ - strcpy(filter_name, buf); + strncpy(filter_name, buf, BUFSIZ - 1); + filter_name[BUFSIZ - 1] = '\0'; state= parse_filter_extension; break; case parse_filter_extension: @@ -454,7 +455,8 @@ #endif else if(*p == '~') { buf1[b1] = '\0'; - strcat(buf1, getenv("HOME")); + strncat(buf1, getenv("HOME"), BUFSIZ - strlen(buf1) - 1); + buf1[BUFSIZ - 1] = '\0'; b1 = strlen(buf1); var = 0; } @@ -462,7 +464,8 @@ if(var) { buf1[b1] = '\0'; buf2[b2] = '\0'; - strcat(buf1, getenv(buf2)); + strncat(buf1, getenv(buf2), BUFSIZ - strlen (buf1) - 1); + buf1[BUFSIZ - 1] = '\0'; b1 = strlen(buf1); buf2[0] = '\0'; b2 = 0; diff -urNad 03.xloadimage.tmp/faces.c 03.xloadimage/faces.c --- 03.xloadimage.tmp/faces.c 1993-10-21 22:28:37.000000000 +0100 +++ 03.xloadimage/faces.c 2003-04-02 19:16:44.000000000 +0100 @@ -108,9 +108,15 @@ if (! strcmp(buf, "\n")) break; if (!strncmp(buf, "FirstName:", 10)) - strcpy(fname, buf + 11); + { + strncpy(fname, buf + 11, BUFSIZ - 1); + fname[BUFSIZ - 1] = '\0'; + } else if (!strncmp(buf, "LastName:", 9)) - strcpy(lname, buf + 10); + { + strncpy(lname, buf + 10, BUFSIZ - 1); + lname[BUFSIZ - 1] = '\0'; + } else if (!strncmp(buf, "Image:", 6)) { if (sscanf(buf + 7, "%d%d%d", &iw, &ih, &id) != 3) { printf("%s: Bad Faces Project image\n", fullname); @@ -136,7 +142,7 @@ image= newRGBImage(w, h, d); fname[strlen(fname) - 1]= ' '; - strcat(fname, lname); + strncat(fname, lname, BUFSIZ - strlen(fname) -1); fname[strlen(fname) - 1]= '\0'; image->title= dupString(fname); diff -urNad 03.xloadimage.tmp/imagetypes.c 03.xloadimage/imagetypes.c --- 03.xloadimage.tmp/imagetypes.c 2003-04-02 19:16:50.000000000 +0100 +++ 03.xloadimage/imagetypes.c 2003-04-02 19:16:44.000000000 +0100 @@ -146,7 +146,10 @@ optptr++; /* skip comma */ } else - strcpy(typename, type); + { + strncpy(typename, type, 31); + typename[31] = '\0'; + } for (a= 0; ImageTypes[a].loader; a++) if (!strncmp(ImageTypes[a].type, typename, strlen(typename))) { diff -urNad 03.xloadimage.tmp/options.c 03.xloadimage/options.c --- 03.xloadimage.tmp/options.c 2003-04-02 19:16:50.000000000 +0100 +++ 03.xloadimage/options.c 2003-04-02 19:16:44.000000000 +0100 @@ -13,6 +13,9 @@ #include "image.h" #include "options.h" +#undef MIN +#define MIN(a, b) (((a) < (b)) ? (a) : (b)) + extern char *ProgramName; /* options array and definitions. If you add something to this you also * need to add its OptionId in options.h. @@ -883,12 +886,13 @@ */ p = index(*opt_string, ','); if (p != NULL) { - strncpy(option_name, *opt_string, p - *opt_string); - option_name[p - *opt_string] = '\0'; + strncpy(option_name, *opt_string, MIN(BUFSIZ - 1, p - *opt_string)); + option_name[MIN(BUFSIZ - 1, p - *opt_string)] = '\0'; *opt_string = p + 1; /* increment to next option */ } else { - strcpy(option_name, *opt_string); + strncpy(option_name, *opt_string, BUFSIZ -1); + option_name[BUFSIZ - 1] = '\0'; *opt_string += strlen(*opt_string); /* increment to end of string */ } *name = option_name; @@ -897,7 +901,8 @@ */ p = index(option_name, '='); if (p != NULL) { - strcpy(option_value, p + 1); + strncpy(option_value, p + 1, BUFSIZ - 1); + option_value[BUFSIZ - 1] = '\0'; *p = '\0'; /* stomp equals sign */ *value = option_value; } diff -urNad 03.xloadimage.tmp/packtar.c 03.xloadimage/packtar.c --- 03.xloadimage.tmp/packtar.c 1993-11-09 21:18:14.000000000 +0000 +++ 03.xloadimage/packtar.c 2003-04-02 19:16:44.000000000 +0100 @@ -48,9 +48,12 @@ char new_file[1024]; char *p; - strcpy(new_file, dir); /* target directory */ - strcat(new_file, "/"); - strcat(new_file, old_file); + strncpy(new_file, dir, 1023); /* target directory */ + new_file[1023] = '\0'; + strncat(new_file, "/", 1023 - strlen(new_file)); + new_file[1023] = '\0'; + strncat(new_file, old_file, 1023 - strlen(new_file)); + new_file[1023] = '\0'; for (p = new_file; p = strchr(p, '/'); p++) { *p = '\0'; /* stomp directory separator */