Follow-up Comment #15, bug #66142 (group screen):

Current downstream distro patch (not Arch, however) to keep _FORTIFY_SOURCE overall: as the length is already precomputed and checked, just memcpy should be fine; on overflow, however, fail explicitly instead of silently truncating and executing the command.

(works fine with multiple arguments and fails as expected on overflow)

--- a/attacher.c 2025-02-24 20:15:31.701820351 +0100
+++ b/attacher.c 2025-02-24 20:17:05.893826559 +0100
@@ -461,8 +461,8 @@
size_t len;
len = strlen(*av) + 1;
if (p + len >= m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) -
1)
- break;
+ Panic(0, "Total length of the command to send too
large.\n");
- strncpy(p, *av, MAXPATHLEN);
+ memcpy(p, *av, len);
p += len;
}
*p = 0;
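
Review bot: The bounds check kept as context above the new Panic() call, `if (p + len >= m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) - 1)`, still forms `p + len` before comparing, and for a long enough argument that pointer lies past the end of the array, which is undefined behaviour in C and may be optimised on that basis. Since memcpy(p, *av, len) now relies entirely on this check, it would be safer to compare sizes instead, for example `if (len >= (size_t)(m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) - 1 - p))`, which rejects the same inputs without creating an out-of-range pointer. The memcpy itself is fine: len includes the terminating NUL, and unlike strncpy(p, *av, MAXPATHLEN) it writes exactly len bytes rather than a bound unrelated to the space left after p. The Panic() sits in an unbraced if body and the memcpy follows unconditionally, so the fix depends on Panic() never returning; a short comment saying so would help the next reader.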
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66142>
