File ncbi-6.1-strncat-overflow.patch of Package ncbi

diff -aruN ncbi.orig/cdromlib/cdnewlib.c ncbi/cdromlib/cdnewlib.c
--- ncbi.orig/cdromlib/cdnewlib.c	1999-03-12 19:44:57.000000000 +0100
+++ ncbi/cdromlib/cdnewlib.c	2012-09-06 20:29:09.644190323 +0200
@@ -2676,7 +2676,7 @@
 			char volname[16];
 			volname[0] = '\0';
 			if (cddev->volume != NULL)
-				strncat(volname,cddev->volume->volume_name,sizeof volname);
+				strncat(volname,cddev->volume->volume_name,sizeof volname-strlen(volname)-1);
 			else
 				sprintf(volname,"entrez%d",cddev->hint);
 			if (!FileBuildPath(fpath,volname,NULL))
@@ -2748,7 +2748,7 @@
 	memset((void*)&info,0,sizeof info);
 	fpath[0] = '\0';
 	if (cddev->inf.root !=NULL)
-		strncat(fpath,cddev->inf.root,sizeof fpath);
+		strncat(fpath,cddev->inf.root,sizeof fpath-strlen(fpath)-1);
 		
 	if (cddev->ins_volname)
 	{
@@ -2766,7 +2766,7 @@
 			{
 				fpath[0] = '\0';
 				if (cddev->inf.root !=NULL)
-					strncat(fpath,cddev->inf.root,sizeof fpath);
+					strncat(fpath,cddev->inf.root,sizeof fpath-strlen(fpath)-1);
 				sprintf(volname,"entrez%d",j+1);
 				FileBuildPath(fpath,volname,NULL);
 				if (CdTestPath(fpath,&info))
diff -aruN ncbi.orig/corelib/ncbierr.c ncbi/corelib/ncbierr.c
--- ncbi.orig/corelib/ncbierr.c	2009-08-14 20:01:09.000000000 +0200
+++ ncbi/corelib/ncbierr.c	2012-09-06 20:30:34.876187312 +0200
@@ -952,7 +952,7 @@
 	if (FileLength(file)==0 || (fd = FileOpen(file,s_msg_mode)) == NULL)
           {
             strcpy(path,info->msgpath);
-            strncat(path,file,sizeof(path));
+            strncat(path,file,sizeof(path)-strlen(path)-1);
             fd = FileOpen(path,s_msg_mode);
           }
 
diff -aruN ncbi.orig/corelib/ncbisgml.c ncbi/corelib/ncbisgml.c
--- ncbi.orig/corelib/ncbisgml.c	2002-12-09 15:40:37.000000000 +0100
+++ ncbi/corelib/ncbisgml.c	2012-09-06 20:33:17.768181561 +0200
@@ -262,7 +262,7 @@
 			{
 				char bad[SGML_ERROR_MSG_LIM];
 				bad[0] = '\0';
-				strncat(bad,sgml,SGML_ERROR_MSG_LIM);
+				strncat(bad,sgml,SGML_ERROR_MSG_LIM-strlen(bad)-1);
 				ErrPostEx(SEV_ERROR,E_SGML,3,"Unrecognized SGML entity &%s in [%s]",tbuf,bad);
 			}
 			else
@@ -281,7 +281,7 @@
 			{
 				char bad[SGML_ERROR_MSG_LIM];
 				bad[0] = '\0';
-				strncat(bad,sgml,SGML_ERROR_MSG_LIM);
+				strncat(bad,sgml,SGML_ERROR_MSG_LIM-strlen(bad)-1);
 				ErrPostEx(SEV_ERROR,E_SGML,2, "Unbalanced <> in SGML [%s]",bad);
 			}
 			else
@@ -337,7 +337,7 @@
 			{
 				char bad[SGML_ERROR_MSG_LIM];
 				bad[0] = '\0';
-				strncat(bad,sgml,SGML_ERROR_MSG_LIM);
+				strncat(bad,sgml,SGML_ERROR_MSG_LIM-strlen(bad)-1);
 				ErrPostEx(SEV_ERROR,E_SGML,3,"Unrecognized SGML entity &%s in [%s]",tbuf,bad);
 			}
 			else
@@ -351,7 +351,7 @@
 			{
 				char bad[SGML_ERROR_MSG_LIM];
 				bad[0] = '\0';
-				strncat(bad,sgml,SGML_ERROR_MSG_LIM);
+				strncat(bad,sgml,SGML_ERROR_MSG_LIM-strlen(bad)-1);
 				ErrPostEx(SEV_ERROR,E_SGML,2,"Unbalanced <> in SGML [%s]",bad);
 			}
 			else
openSUSE Build Service is sponsored by