projects
/
claws.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
5c904ff
)
Fix possible buffer overflow (CVE 2010-5109)
author
Ricardo Mones
<ricardo@mones.org>
Sat, 29 Nov 2014 21:53:33 +0000
(22:53 +0100)
committer
Ricardo Mones
<ricardo@mones.org>
Sat, 29 Nov 2014 21:53:33 +0000
(22:53 +0100)
Patch by Petr Písař <ppisar@redhat.com>
RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=831322
Debian bug: https://bugs.debian.org/771360
src/plugins/tnef_parse/ytnef.c
patch
|
blob
|
history
diff --git
a/src/plugins/tnef_parse/ytnef.c
b/src/plugins/tnef_parse/ytnef.c
index a2e7ed3944dcd6c21ceabc7faa6701118f343dd4..9184836073e8867dbd672fc9c2e8f088f674065d 100644
(file)
--- a/
src/plugins/tnef_parse/ytnef.c
+++ b/
src/plugins/tnef_parse/ytnef.c
@@
-1352,7
+1352,7
@@
unsigned char *DecompressRTF(variableLength *p, int *size) {
comp_Prebuf.size = strlen(RTF_PREBUF);
comp_Prebuf.data = calloc(comp_Prebuf.size + 1, 1);
comp_Prebuf.size = strlen(RTF_PREBUF);
comp_Prebuf.data = calloc(comp_Prebuf.size + 1, 1);
-
strcpy(comp_Prebuf.data, RTF_PREBUF
);
+
memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size
);
src = p->data;
in = 0;
src = p->data;
in = 0;