overflows.patch

   1 Fix possible buffer overflows (given we're copying to storage of AFP_MAX_PATH,
   2 while AFP_MAX_PATH is much smaller than PATH_MAX)
   3
   4 Lubomir Rintel <lkundrak@v3.sk>
   5
   6 --- afpfs-ng-0.8.1/cmdline/cmdline_afp.c.overflows      2008-10-06 19:21:32.000000000 +0200
   7 +++ afpfs-ng-0.8.1/cmdline/cmdline_afp.c        2008-10-06 19:13:50.000000000 +0200
   8 @@ -129,9 +129,9 @@
   9  {
  10         if (filename[0]!='/') {
  11                 if (strlen(curdir)==1)
  12 -                       snprintf(server_fullname,PATH_MAX,"/%s",filename);
  13 +                       snprintf(server_fullname,AFP_MAX_PATH,"/%s",filename);
  14                 else
  15 -                       snprintf(server_fullname,PATH_MAX,"%s/%s",curdir,filename);
  16 +                       snprintf(server_fullname,AFP_MAX_PATH,"%s/%s",curdir,filename);
  17         } else {
  18                 snprintf(server_fullname,PATH_MAX,"%s",filename);
  19         }
  20 @@ -1217,7 +1217,7 @@
  21  {
  22         struct passwd * passwd;
  23
  24 -       snprintf(curdir,PATH_MAX,"%s",DEFAULT_DIRECTORY);
  25 +       snprintf(curdir,AFP_MAX_PATH,"%s",DEFAULT_DIRECTORY);
  26         if (init_uams()<0) return -1;
  27
  28         afp_default_url(&url);