diff options
Diffstat (limited to 'extra/tftp-hpa/tftp-hpa-0.49-fortify-strcpy-crash.patch')
| -rw-r--r-- | extra/tftp-hpa/tftp-hpa-0.49-fortify-strcpy-crash.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/extra/tftp-hpa/tftp-hpa-0.49-fortify-strcpy-crash.patch b/extra/tftp-hpa/tftp-hpa-0.49-fortify-strcpy-crash.patch new file mode 100644 index 000000000..e9b70d471 --- /dev/null +++ b/extra/tftp-hpa/tftp-hpa-0.49-fortify-strcpy-crash.patch @@ -0,0 +1,26 @@ +diff -urN tftp-hpa-0.49.orig/tftp/tftp.c tftp-hpa-0.49/tftp/tftp.c +--- tftp-hpa-0.49.orig/tftp/tftp.c 2008-10-20 18:08:31.000000000 -0400 ++++ tftp-hpa-0.49/tftp/tftp.c 2009-08-05 09:47:18.072585848 -0400 +@@ -279,15 +279,16 @@ + struct tftphdr *tp, const char *mode) + { + char *cp; ++ size_t len; + + tp->th_opcode = htons((u_short) request); + cp = (char *)&(tp->th_stuff); +- strcpy(cp, name); +- cp += strlen(name); +- *cp++ = '\0'; +- strcpy(cp, mode); +- cp += strlen(mode); +- *cp++ = '\0'; ++ len = strlen(name) + 1; ++ memcpy(cp, name, len); ++ cp += len; ++ len = strlen(mode) + 1; ++ memcpy(cp, mode, len); ++ cp += len; + return (cp - (char *)tp); + } + |