Bug#449507: axel: should use strncpy

[Y Giridhar Appaji Nag <giridhar@appaji.net>]

Package: axel
Version: 1.0b-3
Severity: normal
Tags: patch

axel copies filenames, URLs etc. into fixed size (MAX_STRING in axel.h)
buffers.  It should use strncpy instead of strcpy.  This will avoid some
problems like those reported in #196431

Giridhar

--
Y Giridhar Appaji Nag | http://www.appaji.net/

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (700, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages axel depends on:
ii  libc6                         2.6.1-1+b1 GNU C Library: Shared libraries

axel recommends no packages.

-- no debconf information

diff -Nur original/axel-1.0b/axel.c axel-1.0b/axel.c
--- original/axel-1.0b/axel.c	2002-05-03 18:15:11.000000000 +0530
+++ axel-1.0b/axel.c	2007-11-06 12:23:14.596683000 +0530
@@ -64,7 +64,7 @@
 	{
 		axel->url = malloc( sizeof( url_t ) );
 		axel->url->next = axel->url;
-		strcpy( axel->url->text, (char *) url );
+		strncpy( axel->url->text, (char *) url, MAX_STRING );
 	}
 	else
 	{
@@ -72,7 +72,7 @@
 		u = axel->url = malloc( sizeof( url_t ) );
 		for( i = 0; i < count; i ++ )
 		{
-			strcpy( u->text, res[i].url );
+			strncpy( u->text, res[i].url, MAX_STRING );
 			if( i < count - 1 )
 			{
 				u->next = malloc( sizeof( url_t ) );
@@ -96,10 +96,10 @@
 	axel->conn[0].local_if = axel->conf->interfaces->text;
 	axel->conf->interfaces = axel->conf->interfaces->next;
 	
-	strcpy( axel->filename, axel->conn[0].file );
+	strncpy( axel->filename, axel->conn[0].file, MAX_STRING );
 	http_decode( axel->filename );
 	if( *axel->filename == 0 )	/* Index page == no fn		*/
-		strcpy( axel->filename, axel->conf->default_filename );
+		strncpy( axel->filename, axel->conf->default_filename, MAX_STRING );
 	if( ( s = strchr( axel->filename, '?' ) ) != NULL && axel->conf->strip_cgi_parameters )
 		*s = 0;		/* Get rid of CGI parameters		*/
 	
@@ -119,7 +119,7 @@
 		return( axel );
 	}
 	s = conn_url( axel->conn );
-	strcpy( axel->url->text, s );
+	strncpy( axel->url->text, s, MAX_STRING );
 	if( ( axel->size = axel->conn[0].size ) != INT_MAX )
 	{
 		if( axel->conf->verbose > 0 )
@@ -128,7 +128,7 @@
 	
 	/* Wildcards in URL --> Get complete filename			*/
 	if( strchr( axel->filename, '*' ) || strchr( axel->filename, '?' ) )
-		strcpy( axel->filename, axel->conn[0].file );
+		strncpy( axel->filename, axel->conn[0].file, MAX_STRING );
 	
 	return( axel );
 }
diff -Nur original/axel-1.0b/conn.c axel-1.0b/conn.c
--- original/axel-1.0b/conn.c	2005-04-06 23:48:28.000000000 +0530
+++ axel-1.0b/conn.c	2007-11-06 12:16:05.675314000 +0530
@@ -74,12 +74,12 @@
 		*j = '?';
 	if( i == NULL )
 	{
-		strcpy( conn->file, conn->dir );
+		strncpy( conn->file, conn->dir, MAX_STRING );
 		strcpy( conn->dir, "/" );
 	}
 	else
 	{
-		strcpy( conn->file, i + 1 );
+		strncpy( conn->file, i + 1, MAX_STRING );
 		strcat( conn->dir, "/" );
 	}
 	
@@ -89,7 +89,7 @@
 		strncpy( conn->user, conn->host, MAX_STRING );
 		i = strrchr( conn->user, '@' );
 		*i = 0;
-		strcpy( conn->host, i + 1 );
+		strncpy( conn->host, i + 1, MAX_STRING );
 		*conn->pass = 0;
 	}
 	/* If not: Fill in defaults					*/
@@ -112,7 +112,7 @@
 	if( ( i = strchr( conn->user, ':' ) ) != NULL )
 	{
 		*i = 0;
-		strcpy( conn->pass, i + 1 );
+		strncpy( conn->pass, i + 1, MAX_STRING );
 	}
 	/* Port number?							*/
 	if( ( i = strchr( conn->host, ':' ) ) != NULL )