File cronolog-1.7.0-strncat-compilefix.patch of Package cronolog-enhanced
I: Statement might be overflowing a buffer in strncat. Common mistake:
BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
E: cronolog bufferoverflowstrncat cronolog.c:336, 340
poeml, Thu Mar 5 21:12:49 CET 2009
diff -uNrp cronolog-1.7.0.orig/src/cronolog.c cronolog-1.7.0/src/cronolog.c
--- cronolog-1.7.0.orig/src/cronolog.c 2004-07-28 21:09:50.000000000 +0200
+++ cronolog-1.7.0/src/cronolog.c 2009-03-05 21:10:58.600181000 +0100
@@ -333,11 +333,11 @@ main(int argc, char **argv)
}
break;
case 'r':
- strncat(handler, optarg, MAX_PATH );
+ strncat(handler, optarg, sizeof(handler) - strlen(optarg) - 1);
use_handler=1;
break;
case 'G':
- strncat(handler_arg, optarg, MAX_PATH );
+ strncat(handler_arg, optarg, sizeof(handler_arg) - strlen(optarg) - 1);
use_handler_arg=1;
break;
case 'n':