Package: apt
Version: 1.0.9.4
Severity: normal
tags: security

In apt-inst/extract.cc, this code appears:

> if (Res.length() > sizeof(FileName))
>    return _error->Error(_("The path %s is too long"),Res.c_str());
> if (Debug == true)
>    clog << "Followed conf file from " << FileName << " to " <<
>       Res << endl;
> Itm.Name = strcpy(FileName,Res.c_str());

"if (Res.length() > sizeof(FileName))" should either be "if (Res.length() >= sizeof(FileName))", or "if (Res.length() > sizeof(FileName - 1))".

Thanks,
--
-- Joshua Rogers <https://internot.info/>
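
Added example (not part of the original report and not apt's code): a C sketch of the boundary case the report describes, using a constructed 16-byte capacity `NAME_CAP` in place of `sizeof(FileName)` and hypothetical helper names. The buffer is backed by guard bytes so the single byte that `strcpy` writes past the logical end can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16    /* constructed; stands in for sizeof(FileName) */
#define GUARD    0xAA  /* fill value for the bytes after the buffer */

/* Check as quoted in the report: rejects only when len > cap. */
static int accepts_as_quoted(size_t len, size_t cap) { return !(len > cap); }

/* First correction proposed in the report: rejects when len >= cap. */
static int accepts_with_ge(size_t len, size_t cap) { return !(len >= cap); }

/*
 * Build a string of `len` characters, apply the given length check against
 * NAME_CAP, and strcpy it into a buffer whose first NAME_CAP bytes play the
 * role of FileName. Returns -1 if the check rejects the string, otherwise
 * the number of guard bytes (beyond NAME_CAP) that strcpy modified.
 */
static int guard_bytes_clobbered(size_t len, int (*accepts)(size_t, size_t))
{
    unsigned char backing[NAME_CAP + 8];
    char src[NAME_CAP + 8];
    int hit = 0;
    size_t i;

    if (len >= sizeof(src))
        return -1;                      /* keep the demo itself in bounds */
    memset(backing, GUARD, sizeof(backing));
    memset(src, 'a', len);
    src[len] = '\0';

    if (!accepts(len, NAME_CAP))
        return -1;
    strcpy((char *)backing, src);       /* writes len + 1 bytes (with NUL) */
    for (i = NAME_CAP; i < sizeof(backing); i++)
        if (backing[i] != GUARD)
            hit++;
    return hit;
}

int main(void)
{
    printf("len == cap, quoted check: %d guard byte(s) overwritten\n",
           guard_bytes_clobbered(NAME_CAP, accepts_as_quoted));
    printf("len == cap, >= check:     %d (rejected)\n",
           guard_bytes_clobbered(NAME_CAP, accepts_with_ge));
    return 0;
}
```
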