SUSE:SLE-12-SP4:GA
wodim
cdrkit-1.1.9-fix-buffer-overflows.patch
File cdrkit-1.1.9-fix-buffer-overflows.patch of Package wodim
Those were detected by gcc-4.5 Note that these are false positives (well, the trailing \0 of the strings might actually land outside of inq), because the fields are aligned in the struct scsi_inquiry). Index: cdrkit-1.1.9/wodim/scsi_cdr.c =================================================================== --- cdrkit-1.1.9.orig/wodim/scsi_cdr.c +++ cdrkit-1.1.9/wodim/scsi_cdr.c @@ -2179,30 +2179,35 @@ getdev(SCSI *usalp, BOOL print) } } if (inq->add_len == 0) { if (usalp->dev == DEV_UNKNOWN && got_inquiry) { usalp->dev = DEV_ACB5500; - strcpy(inq->vendor_info, - "ADAPTEC ACB-5500 FAKE"); + strncpy(inq->vendor_info, "ADAPTEC ", 8); + strncpy(inq->prod_ident, "ACB-5500 ", 16); + strncpy(inq->prod_revision, "FAKE", 4); } else switch (usalp->dev) { case DEV_ACB40X0: - strcpy(inq->vendor_info, - "ADAPTEC ACB-40X0 FAKE"); + strncpy(inq->vendor_info, "ADAPTEC ", 8); + strncpy(inq->prod_ident, "ACB-40X0 ", 16); + strncpy(inq->prod_revision, "FAKE", 4); break; case DEV_ACB4000: - strcpy(inq->vendor_info, - "ADAPTEC ACB-4000 FAKE"); + strncpy(inq->vendor_info, "ADAPTEC ", 8); + strncpy(inq->prod_ident, "ACB-4000 ", 16); + strncpy(inq->prod_revision, "FAKE", 4); break; case DEV_ACB4010: - strcpy(inq->vendor_info, - "ADAPTEC ACB-4010 FAKE"); + strncpy(inq->vendor_info, "ADAPTEC ", 8); + strncpy(inq->prod_ident, "ACB-4010 ", 16); + strncpy(inq->prod_revision, "FAKE", 4); break; case DEV_ACB4070: - strcpy(inq->vendor_info, - "ADAPTEC ACB-4070 FAKE"); + strncpy(inq->vendor_info, "ADAPTEC ", 8); + strncpy(inq->prod_ident, "ACB-4070 ", 16); + strncpy(inq->prod_revision, "FAKE", 4); break; } } else if (inq->add_len < 31) { usalp->dev = DEV_NON_CCS_DSK; 
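Review bot: After these replacements `vendor_info`, `prod_ident` and `prod_revision` are fixed-width fields that carry no terminating NUL whenever the literal fills the count (as `"FAKE"` with 4 does), and nothing in the hunk records that for later readers of the struct; the same applies to the SYSGEN and EMULEX assignments in the second hunk. I would add a comment above the first assignment, `/* INQUIRY text fields are fixed-width and not NUL-terminated; print them with a bounded precision such as %.8s */`, and write the bounds as `sizeof(inq->vendor_info)` and so on rather than the literal 8/16/4, assuming those members are char arrays (the struct is not shown here). The page's rendering appears to have collapsed whitespace inside the literals, so it cannot be confirmed from this view that each one is space-padded to its field width; where a literal is shorter than its count, strncpy fills the remainder with NUL bytes rather than spaces. getdev() starts and ends outside the hunk.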
@@ -2228,18 +2233,20 @@ getdev(SCSI *usalp, BOOL print) } break; case INQ_SEQD: if (usalp->dev == DEV_SC4000) { - strcpy(inq->vendor_info, - "SYSGEN SC4000 FAKE"); + strncpy(inq->vendor_info, "SYSGEN ", 8); + strncpy(inq->prod_ident, "SC4000 ", 16); + strncpy(inq->prod_revision, "FAKE", 4); } else if (inq->add_len == 0 && inq->removable && inq->ansi_version == 1) { usalp->dev = DEV_MT02; - strcpy(inq->vendor_info, - "EMULEX MT02 FAKE"); + strncpy(inq->vendor_info, "EMULEX ", 8); + strncpy(inq->prod_ident, "MT02 ", 16); + strncpy(inq->prod_revision, "FAKE", 4); } break; /* case INQ_OPTD:*/ case INQ_ROMD: