Package: axel
Version: 1.0b-3
Severity: normal
Tags: patch
axel copies filenames, URLs etc. into fixed size (MAX_STRING in axel.h)
buffers. It should use strncpy instead of strcpy. This will avoid some
problems like those reported in #196431
Giridhar
--
Y Giridhar Appaji Nag | http://www.appaji.net/
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (900, 'testing'), (800, 'unstable'), (700, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages axel depends on:
ii libc6 2.6.1-1+b1 GNU C Library: Shared libraries
axel recommends no packages.
-- no debconf information
diff -Nur original/axel-1.0b/axel.c axel-1.0b/axel.c
--- original/axel-1.0b/axel.c 2002-05-03 18:15:11.000000000 +0530
+++ axel-1.0b/axel.c 2007-11-06 12:23:14.596683000 +0530
@@ -64,7 +64,7 @@
{
axel->url = malloc( sizeof( url_t ) );
axel->url->next = axel->url;
- strcpy( axel->url->text, (char *) url );
+ strncpy( axel->url->text, (char *) url, MAX_STRING );
}
else
{
@@ -72,7 +72,7 @@
u = axel->url = malloc( sizeof( url_t ) );
for( i = 0; i < count; i ++ )
{
- strcpy( u->text, res[i].url );
+ strncpy( u->text, res[i].url, MAX_STRING );
if( i < count - 1 )
{
u->next = malloc( sizeof( url_t ) );
@@ -96,10 +96,10 @@
axel->conn[0].local_if = axel->conf->interfaces->text;
axel->conf->interfaces = axel->conf->interfaces->next;
- strcpy( axel->filename, axel->conn[0].file );
+ strncpy( axel->filename, axel->conn[0].file, MAX_STRING );
http_decode( axel->filename );
if( *axel->filename == 0 ) /* Index page == no fn */
- strcpy( axel->filename, axel->conf->default_filename );
+ strncpy( axel->filename, axel->conf->default_filename, MAX_STRING );
if( ( s = strchr( axel->filename, '?' ) ) != NULL && axel->conf->strip_cgi_parameters )
*s = 0; /* Get rid of CGI parameters */
@@ -119,7 +119,7 @@
return( axel );
}
s = conn_url( axel->conn );
- strcpy( axel->url->text, s );
+ strncpy( axel->url->text, s, MAX_STRING );
if( ( axel->size = axel->conn[0].size ) != INT_MAX )
{
if( axel->conf->verbose > 0 )
@@ -128,7 +128,7 @@
/* Wildcards in URL --> Get complete filename */
if( strchr( axel->filename, '*' ) || strchr( axel->filename, '?' ) )
- strcpy( axel->filename, axel->conn[0].file );
+ strncpy( axel->filename, axel->conn[0].file, MAX_STRING );
return( axel );
}
diff -Nur original/axel-1.0b/conn.c axel-1.0b/conn.c
--- original/axel-1.0b/conn.c 2005-04-06 23:48:28.000000000 +0530
+++ axel-1.0b/conn.c 2007-11-06 12:16:05.675314000 +0530
@@ -74,12 +74,12 @@
*j = '?';
if( i == NULL )
{
- strcpy( conn->file, conn->dir );
+ strncpy( conn->file, conn->dir, MAX_STRING );
strcpy( conn->dir, "/" );
}
else
{
- strcpy( conn->file, i + 1 );
+ strncpy( conn->file, i + 1, MAX_STRING );
strcat( conn->dir, "/" );
}
@@ -89,7 +89,7 @@
strncpy( conn->user, conn->host, MAX_STRING );
i = strrchr( conn->user, '@' );
*i = 0;
- strcpy( conn->host, i + 1 );
+ strncpy( conn->host, i + 1, MAX_STRING );
*conn->pass = 0;
}
/* If not: Fill in defaults */
@@ -112,7 +112,7 @@
if( ( i = strchr( conn->user, ':' ) ) != NULL )
{
*i = 0;
- strcpy( conn->pass, i + 1 );
+ strncpy( conn->pass, i + 1, MAX_STRING );
}
/* Port number? */
if( ( i = strchr( conn->host, ':' ) ) != NULL )
