Overview

File mgetty-fix-buffer-overflow.patch of Package mgetty.12101

Index: mgetty-1.1.37/faxrec.c
===================================================================
--- mgetty-1.1.37.orig/faxrec.c
+++ mgetty-1.1.37/faxrec.c
@@ -192,7 +192,7 @@ time_t	ti;
 
     lprintf( L_NOISE, "fax_notify_mail: sending mail to: %s", mail_to );
 
-    sprintf( buf, "%s %s >/dev/null 2>&1", MAILER, mail_to );
+    sprintf( buf, "%.80s \"%.150s\" >/dev/null 2>&1", MAILER, mail_to );
 
     pipe_fp = popen( buf, "w" );
     if ( pipe_fp == NULL )
Index: mgetty-1.1.37/contrib/next-login/login.c
===================================================================
--- mgetty-1.1.37.orig/contrib/next-login/login.c
+++ mgetty-1.1.37/contrib/next-login/login.c
@@ -218,7 +218,9 @@ main(argc, argv)
 				badlogin(tbuf);
 			failures = 0;
 		}
-		(void)strcpy(tbuf, username);
+		(void)strncpy(tbuf, username, sizeof(tbuf)-1);
+		tbuf[sizeof(tbuf)-1] = '\0';
+
 		if (pwd = getpwnam(username))
 			salt = pwd->pw_passwd;
 		else
openSUSE Build Service is sponsored by
Places