Ticket #9486: 0001-iso9660-file-system-driver-buffer-overflows-bugfix.patch

File 0001-iso9660-file-system-driver-buffer-overflows-bugfix.patch, 1.5 KB (added by beos_zealot, 8 years ago)
  • src/add-ons/kernel/file_systems/iso9660/iso9660.cpp

    From 9cc9522dca27e60e9c73a34b529dc5fa2bd64504 Mon Sep 17 00:00:00 2001
    From: Gediminas Jarulaitis <beos.zealot@gmail.com>
    Date: Wed, 27 Feb 2013 20:44:19 +0200
    Subject: [PATCH] iso9660 file system driver buffer overflows bugfix
    
    ---
     src/add-ons/kernel/file_systems/iso9660/iso9660.cpp |   18 +++++++++---------
     1 file changed, 9 insertions(+), 9 deletions(-)
    
    diff --git a/src/add-ons/kernel/file_systems/iso9660/iso9660.cpp b/src/add-ons/kernel/file_systems/iso9660/iso9660.cpp
    index 039c57d..c115cc6 100644
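--- a/src/add-ons/kernel/file_systems/iso9660/iso9660.cpp
+++ b/src/add-ons/kernel/file_systems/iso9660/iso9660.cpp
@@ -253,18 +253,18 @@ InitVolDesc(iso9660_volume *volume, char *buffer)
     buffer += 128;
     TRACE(("InitVolDesc - volume app id string is %s\n", volume->appIDString));
 
-    volume->copyright[38] = '\0';
-    strncpy(volume->copyright, buffer, 38);
-    buffer += 38;
+    volume->copyright[37] = '\0';
+    strncpy(volume->copyright, buffer, 37);
+    buffer += 37;
     TRACE(("InitVolDesc - copyright is %s\n", volume->copyright));
 
-    volume->abstractFName[38] = '\0';
-    strncpy(volume->abstractFName, buffer, 38);
-    buffer += 38;
+    volume->abstractFName[37] = '\0';
+    strncpy(volume->abstractFName, buffer, 37);
+    buffer += 37;
 
-    volume->biblioFName[38] = '\0';
-    strncpy(volume->biblioFName, buffer, 37);
-    buffer += 38;
+    volume->biblioFName[37] = '\0';
+    strncpy(volume->biblioFName, buffer, 37);
+    buffer += 37;
 
     init_volume_date(&volume->createDate, buffer);
     buffer += 17;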
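Review bot: Nothing in the new lines ties the literal 37 to the declared size of `volume->copyright`, `volume->abstractFName` and `volume->biblioFName`. Their declarations are outside the hunk, and the store to index 37 is in bounds only if each array holds at least 38 bytes, so that should be confirmed against the struct definition. 37 matches the width of these three file-identifier fields in the ISO 9660 primary volume descriptor, so a single named constant with a comment such as `// on-disk field is 37 bytes, space padded; destination must be 38 to hold the terminator` would make the bound checkable in one place instead of nine. The bytes come straight from the mounted medium, so the earlier fields of InitVolDesc that use the same terminate/strncpy/advance pattern (for example the `buffer += 128` step at the top of the hunk) deserve the same size check. The function body starts and ends outside the hunk.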