unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 717377119b1ece3d31777984780ea052cd403b7b 4800 bytes (raw)
name: packages/patches/unzip-COVSCAN-fix-unterminated-string.patch 	 # note: path name is non-authoritative(*)

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
 
From 06d1b08aef94984256cad3c5a54cedb10295681f Mon Sep 17 00:00:00 2001
From: Jakub Martisko <jamartis@redhat.com>
Date: Thu, 8 Nov 2018 09:31:18 +0100
Subject: [PATCH] Possible unterminated string fix

---
 unix/unix.c   |  4 +++-
 unix/unxcfg.h |  2 +-
 unzip.c       | 12 ++++++++----
 zipinfo.c     | 12 ++++++++----
 4 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/unix/unix.c b/unix/unix.c
index 59b622d..cd57f80 100644
--- a/unix/unix.c
+++ b/unix/unix.c
@@ -1945,7 +1945,9 @@ void init_conversion_charsets()
     	for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++)
     		if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) {
     			strncpy(OEM_CP, dos_charset_map[i].archive_charset,
-    					sizeof(OEM_CP));
+    					MAX_CP_NAME - 1);
+
+			OEM_CP[MAX_CP_NAME - 1] = '\0';
     			break;
     		}
     }
diff --git a/unix/unxcfg.h b/unix/unxcfg.h
index 8729de2..9ee8cfe 100644
--- a/unix/unxcfg.h
+++ b/unix/unxcfg.h
@@ -228,7 +228,7 @@ typedef struct stat z_stat;
 /*    and notfirstcall are used by do_wild().                          */
 
 
-#define MAX_CP_NAME 25 
+#define MAX_CP_NAME 25 + 1 
    
 #ifdef SETLOCALE
 #  undef SETLOCALE
diff --git a/unzip.c b/unzip.c
index 2d94a38..a485f2b 100644
--- a/unzip.c
+++ b/unzip.c
@@ -1561,7 +1561,8 @@ int uz_opts(__G__ pargc, pargv)
         		                  "error:  a valid character encoding should follow the -I argument"));
     	                        return(PK_PARAM); 
     						}
-    						strncpy(ISO_CP, s, sizeof(ISO_CP));
+    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
+                ISO_CP[MAX_CP_NAME - 1] = '\0';
     					} else { /* -I charset */
     						++argv;
     						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
@@ -1570,7 +1571,8 @@ int uz_opts(__G__ pargc, pargv)
     	                        return(PK_PARAM); 
     						}
     						s = *argv;
-    						strncpy(ISO_CP, s, sizeof(ISO_CP));
+    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
+                ISO_CP[MAX_CP_NAME - 1] = '\0';
     					}
     					while(*(++s)); /* No params straight after charset name */
     				}
@@ -1665,7 +1667,8 @@ int uz_opts(__G__ pargc, pargv)
         		                  "error:  a valid character encoding should follow the -I argument"));
     	                        return(PK_PARAM); 
     						}
-    						strncpy(OEM_CP, s, sizeof(OEM_CP));
+    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
+                OEM_CP[MAX_CP_NAME - 1] = '\0';
     					} else { /* -O charset */
     						++argv;
     						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
@@ -1674,7 +1677,8 @@ int uz_opts(__G__ pargc, pargv)
     	                        return(PK_PARAM); 
     						}
     						s = *argv;
-    						strncpy(OEM_CP, s, sizeof(OEM_CP));
+    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
+                OEM_CP[MAX_CP_NAME - 1] = '\0';
     					}
     					while(*(++s)); /* No params straight after charset name */
     				}
diff --git a/zipinfo.c b/zipinfo.c
index accca2a..cb7e08d 100644
--- a/zipinfo.c
+++ b/zipinfo.c
@@ -519,7 +519,8 @@ int zi_opts(__G__ pargc, pargv)
         		                  "error:  a valid character encoding should follow the -I argument"));
     	                        return(PK_PARAM); 
     						}
-    						strncpy(ISO_CP, s, sizeof(ISO_CP));
+    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
+                ISO_CP[MAX_CP_NAME - 1] = '\0';
     					} else { /* -I charset */
     						++argv;
     						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
@@ -528,7 +529,8 @@ int zi_opts(__G__ pargc, pargv)
     	                        return(PK_PARAM); 
     						}
     						s = *argv;
-    						strncpy(ISO_CP, s, sizeof(ISO_CP));
+    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
+                ISO_CP[MAX_CP_NAME - 1] = '\0';
     					}
     					while(*(++s)); /* No params straight after charset name */
     				}
@@ -568,7 +570,8 @@ int zi_opts(__G__ pargc, pargv)
         		                  "error:  a valid character encoding should follow the -I argument"));
     	                        return(PK_PARAM); 
     						}
-    						strncpy(OEM_CP, s, sizeof(OEM_CP));
+    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
+                OEM_CP[MAX_CP_NAME - 1] = '\0';
     					} else { /* -O charset */
     						++argv;
     						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
@@ -577,7 +580,8 @@ int zi_opts(__G__ pargc, pargv)
     	                        return(PK_PARAM); 
     						}
     						s = *argv;
-    						strncpy(OEM_CP, s, sizeof(OEM_CP));
+    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
+                OEM_CP[MAX_CP_NAME - 1] = '\0';
     					}
     					while(*(++s)); /* No params straight after charset name */
     				}
-- 
2.14.5


debug log:

solving 717377119b1ece3d31777984780ea052cd403b7b ...
found 717377119b1ece3d31777984780ea052cd403b7b in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).