[Commits] [SCM] claws branch, master, updated. 3.11.1-35-ga8df3ae
mones at claws-mail.org
mones at claws-mail.org
Sat Nov 29 22:55:36 CET 2014
The branch, master has been updated
via a8df3ae48ad5732018934b378abb11a022735c5e (commit)
from 5c904ffa6257f591d0ffde8d90faa592bc384270 (commit)
Summary of changes:
src/plugins/tnef_parse/ytnef.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
- Log -----------------------------------------------------------------
commit a8df3ae48ad5732018934b378abb11a022735c5e
Author: Ricardo Mones <ricardo at mones.org>
Date: Sat Nov 29 22:53:33 2014 +0100
Fix possible buffer overflow (CVE 2010-5109)
Patch by Petr Písař <ppisar at redhat.com>
RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=831322
Debian bug: https://bugs.debian.org/771360
diff --git a/src/plugins/tnef_parse/ytnef.c b/src/plugins/tnef_parse/ytnef.c
index a2e7ed3..9184836 100644
--- a/src/plugins/tnef_parse/ytnef.c
+++ b/src/plugins/tnef_parse/ytnef.c
@@ -1352,7 +1352,7 @@ unsigned char *DecompressRTF(variableLength *p, int *size) {
comp_Prebuf.size = strlen(RTF_PREBUF);
comp_Prebuf.data = calloc(comp_Prebuf.size + 1, 1);
- strcpy(comp_Prebuf.data, RTF_PREBUF);
+ memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size);
src = p->data;
in = 0;
-----------------------------------------------------------------------
hooks/post-receive
--
Claws Mail
More information about the Commits
mailing list