File opiesu-overflow-CVE-2011-2489.patch of Package opie

--- opiesu.c.xx	2011-06-27 16:48:46.000000000 +0200
+++ opiesu.c	2011-06-27 16:50:18.000000000 +0200
@@ -102,7 +102,7 @@
 static char userbuf[16] = "USER=";
 static char homebuf[128] = "HOME=";
 static char shellbuf[128] = "SHELL=";
-static char pathbuf[sizeof("PATH") + sizeof(DEFAULT_PATH) - 1] = "PATH=";
+static char pathbuf[sizeof("PATH=") + sizeof(DEFAULT_PATH) - 1] = "PATH=";
 static char termbuf[32] = "TERM=";
 static char *cleanenv[] = {userbuf, homebuf, shellbuf, pathbuf, 0, 0};
 static char *user = "root";
@@ -260,10 +260,12 @@
   int argvsize = 0;
   for (i = 0; i < argc; argvsize += strlen(argv[i++]));
   argvsize += argc;
+  argvsize ++; /* final \0 */
   if (!(argvbuf = malloc(argvsize))) {
     syslog(LOG_ERR, "can't allocate memory to store command line");
     exit(1);
   };
+  argvbuf[0] = '\0';
   for (i = 0, *argvbuf = 0; i < argc;) {
     strcat(argvbuf, argv[i]);
     if (++i < argc)

Places

File opiesu-overflow-CVE-2011-2489.patch of Package opie

Places