- Author: Fabian Greffrath <fabian+debian@greffrath.com>
- Description: Fix buffer overflows when using long filenames or
- passwords as arguments. Thanks, Antoine Cervoise.
- Bug-Debian: https://bugs.debian.org/736929
- --- a/source/apps/unace/exe/commline/commline.c
- +++ b/source/apps/unace/exe/commline/commline.c
- @@ -474,8 +474,10 @@ INT SwitchNumber,
-
- case APPS_UNACE_EXE_COMMLINE_SWITCH_P:
- {
- - strcpy(BASE_OPTIONS.ExtractOptions.CryptionData.Password,
- - Switch + 1);
- + const size_t size = sizeof(BASE_OPTIONS.ExtractOptions.CryptionData.Password) - 1;
- + strncpy(BASE_OPTIONS.ExtractOptions.CryptionData.Password,
- + Switch + 1, size);
- + BASE_OPTIONS.ExtractOptions.CryptionData.Password[size] = 0;
-
- BASE_CRYPT.DoUseCurrentPassword = 1;
-
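Review bot: An over-long password is silently cut to `size` bytes by the `strncpy` in the `APPS_UNACE_EXE_COMMLINE_SWITCH_P` case, so the program continues with a password the user did not supply and the later failure will look like a wrong password. The second hunk does the same to the archive name copied into `WildcardedArchiveName`, where a truncated name may refer to a different path than the one given on the command line. Rejecting the argument is safer than truncating it: test `strlen(Switch + 1) > size` (and the equivalent for the argument string in the second hunk) before the copy and take the program's normal usage-error path, which is not visible here. The case body continues past the end of this hunk.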
- @@ -539,8 +541,10 @@ PCHAR PointPos;
- {
- if (APPS_EXE_COMMLINE.ArgumentCount < APPS_EXE_COMMLINE.ArgumentsNumber)
- {
- - strcpy(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
- - APPS_EXE_COMMLINE.Arguments[APPS_EXE_COMMLINE.ArgumentCount++]);
- + const size_t size = sizeof(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) - 1;
- + strncpy(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
- + APPS_EXE_COMMLINE.Arguments[APPS_EXE_COMMLINE.ArgumentCount++], size);
- + APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName[size] = 0;
-
- BASE_PATHFUNC_ToSystemPathSeparator(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName);
-
- @@ -555,6 +559,8 @@ PCHAR PointPos;
- && !BASE_CONVERT_StrICmp(PointPos, ".ace")
- && !BASE_CONVERT_StrICmp(PointPos, ".exe")))
- {
- + if (size - strlen(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName) >=
- + strlen(BASE_ACESTRUC_EXTENSION))
- strcat(APPS_UNACE_EXE_COMMLINE.WildcardedArchiveName,
- BASE_ACESTRUC_EXTENSION);
- }
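Review bot: The new guard in front of `strcat` is unbraced although the statement it controls spans two lines, and it depends on `size`, which is declared in the previous hunk inside the `if (ArgumentCount < ArgumentsNumber)` block, so it only compiles while this code stays in that scope. The bound itself looks correct, since `size` excludes the terminator and the name was terminated at index `size`. I would brace it as `if (...) { strcat(...); }` and add a comment such as `/* size = sizeof(WildcardedArchiveName) - 1, set where the name is copied above */`. When the check fails, the extension is skipped without any diagnostic; presumably the archive lookup then fails later with a less helpful message, so reporting the over-long name at this point would be clearer. The enclosing function starts and ends outside the hunk.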