Overview

File bufferoverflowstrncat.patch of Package libindi

--- indiserver.c.orig	2011-05-27 23:14:50.000000000 +0300
+++ indiserver.c	2011-06-26 13:26:07.677000014 +0300
@@ -788,11 +788,11 @@
                 /* Get rid of quotes */
                 else if (strstr(token, "\"") || strstr(token, "'"))
                 {
-                    strncat(tDev, ++token, MAXRBUF);
+                    strncat(tDev, ++token, sizeof(tDev)-strlen(tDev)-1);
                     while (token = strsep(&cp, delm) )
                    {
                      strcat(tDev, " ");
-                     strncat(tDev, token, MAXRBUF);
+                     strncat(tDev, token, sizeof(tDev)-strlen(tDev)-1);
                      if ( (tp=strchr(tDev, '\"')) || (tp=strchr(tDev, '\'')))
                      {
                          //tDev[strlen(tDev)-1] = '\0';
@@ -815,11 +815,11 @@
                       /* Get rid of quotes */
                       if (strstr(token, "\"") || strstr(token, "'"))
                       {
-                       strncat(tConfig, ++token, MAXRBUF);
+                       strncat(tConfig, ++token, sizeof(tConfig)-strlen(tDev)-1);
                        while (token = strsep(&cp, delm) )
                        {
                           strcat(tConfig, " ");
-                          strncat(tConfig, token, MAXRBUF);
+                          strncat(tConfig, token, sizeof(tConfig)-strlen(tDev)-1);
 
                           if ( (tp=strchr(tConfig, '\"')) || (tp=strchr(tConfig, '\'')))
                           {
openSUSE Build Service is sponsored by
Places