Overview

File gnash-0.8.10-buffer-overflow.patch of Package gnash

Index: cygnal/proc.cpp
===================================================================
--- cygnal/proc.cpp.orig
+++ cygnal/proc.cpp
@@ -122,23 +122,23 @@ Proc::startCGI(const string &filespec, b
     }
 
     // setup a command line. By default, argv[0] is the name of the process
-    cmd_line[0] = new char(filespec.size()+1);
+    cmd_line[0] = new char[filespec.size()+1];
     strcpy(cmd_line[0], filespec.c_str());
 
     // If the parent has verbosity on, chances are the child should too.
 //     if (dbglogfile.getVerbosity() > 0) {
-    cmd_line[1] = new char(3);
-    strcpy(cmd_line[1], "-n");
-    cmd_line[2] = new char(4);
-    strcpy(cmd_line[2], "-vv");
+    cmd_line[1] = new char[4];
+    strncpy(cmd_line[1], "-n", 3);
+    cmd_line[2] = new char[5];
+    strncpy(cmd_line[2], "-vv", 4);
     cmd_line[3] = 0;
 //     }
     
     // When running multiple cgis, we prefer to specify the port it's using.
     if (port > 0) {
-        cmd_line[3] = new char(3);
-        strcpy(cmd_line[3], "-p");
-        cmd_line[4] = new char(10);
+        cmd_line[3] = new char[4];
+        strncpy(cmd_line[3], "-p", 3);
+        cmd_line[4] = new char[10];
         sprintf(cmd_line[4], "%d", port);
         cmd_line[5] = 0;
     }
openSUSE Build Service is sponsored by
Places