Subject: [PATCH] r1335: Applied patch from Emiliano to fix possible buffer overflow --- debian/changelog | 2 ++ src/elogd.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) be90cd68ad16c29ef3b7ba8c5ad89aa4a08afec1 diff --git a/debian/changelog b/debian/changelog index 9f49646..36c80d1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,8 @@ elog (2.5.7+r1558-4+sarge1) unstable; ur * Security update * Backport r1333 from upstream's Subversion repository: "Fixed crashes with very long (revisions) attributes" + * Backport r1335 from upstream's Subversion repository: + "Applied patch from Emiliano to fix possible buffer overflow" -- Florian Weimer Mon, 23 Jan 2006 15:56:37 +0100 diff --git a/src/elogd.c b/src/elogd.c index 802e1dd..5417544 100755 --- a/src/elogd.c +++ b/src/elogd.c @@ -5257,7 +5257,7 @@ void write_logfile(LOGBOOK * lbs, const char str[10000]; FILE *f; time_t now; - char buf[1000]; + char buf[10000]; if (lbs == NULL) { if (!getcfg("global", "logfile", str, sizeof(str))) @@ -7239,7 +7239,7 @@ BOOL change_pwd(LOGBOOK * lbs, char *use getcfg(lbs->name, "Password file", str, sizeof(str)); if (str[0] == DIR_SEPARATOR || str[1] == ':') - strcpy(file_name, str); + strlcpy(file_name, str, sizeof(file_name)); else { strlcpy(file_name, resource_dir, sizeof(file_name)); strlcat(file_name, str, sizeof(file_name)); -- 1.1.3