--- ChangeLog | 6 ++++++ src/tftpd.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog index ea93a846..32b23d0c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2017-12-30 Mike Gilbert <[email protected]> + + tftpd: Avoid triggering buffer overflow detection in glibc's strcpy. + + * src/tftpd.c (nak): Use memcpy to populate tp->th_msg. + 2017-07-10 Omer Anson <[email protected]> (tiny change) * src/hostname.c (parse_file): Free name and allocate one extra diff --git a/src/tftpd.c b/src/tftpd.c index 0f2e958e..ff931db0 100644 --- a/src/tftpd.c +++ b/src/tftpd.c @@ -864,8 +864,8 @@ nak (int error) pe->e_msg = strerror (error - 100); tp->th_code = EUNDEF; /* set 'undef' errorcode */ } - strcpy (tp->th_msg, pe->e_msg); length = strlen (pe->e_msg); + memcpy (tp->th_msg, pe->e_msg, length); tp->th_msg[length] = '\0'; length += 5; if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length) -- 2.16.0.rc0
