Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
On Sun, 2011-01-16 at 20:38 +0200, Peter Pentchev wrote:
> Here's the new debdiff; thanks for your time!
Thanks for that.
Two small things:
+- strcat(strcpy(croom, " ROOM: "), slevel_number);
[...]
++ snprintf(croom, sizeof(croom), " ROOM: %s", slevel_number);
The new version has one fewer space than the original; I guessed that
the double space might be so that the string aligns with " LIVES: ".
+- strcpy(localhost, gethostbyname(localhost)->h_name);
+- strcpy(xhost, gethostbyname(xhost)->h_name);
++ snprintf(localhost, sizeof(localhost), gethostbyname(localhost)->h_name);
++ snprintf(xhost, sizeof(xhost), gethostbyname(xhost)->h_name);
Those should probably be strncpys, or have an explicit "%s" format string.
+xdigger (1.0.10-13+lenny1) unstable; urgency=low
s/unstable/stable/
Okay, I lied; it was three things. :)
With the above changes, please feel free to upload (bearing in mind that
the deadline for inclusion in the next point release is tomorrow).
Regards,
Adam
Reply to: