Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 18 Aug 2003 14:56:11 +0200 (CEST)
From:      Alex Dupre <sysadmin@alexdupre.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        roam@FreeBSD.org
Subject:   ports/55700: [Fix] Port: mail/autoresponder (strncpy bug)
Message-ID:  <200308181256.h7ICuBTd001557@vaio.alexdupre.com>
Resent-Message-ID: <200308181610.h7IGANnl053239@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         55700
>Category:       ports
>Synopsis:       [Fix] Port: mail/autoresponder (strncpy bug)
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 18 09:10:23 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Alex Dupre
>Release:        FreeBSD 4.8-ALEXDUPRE i386
>Organization:
>Environment:
System: FreeBSD 4.8-ALEXDUPRE i386
>Description:
strncpy() doesn't append a null character at the end of the string,
so the next strncat() call crashes (core dump).

Noted only with -current and gcc3, but it's a sw bug anyway.
>How-To-Repeat:
>Fix:

--- autorespond.diff begins here ---
diff -ruN autorespond.orig/Makefile autorespond/Makefile
--- autorespond.orig/Makefile	Mon Aug 18 14:47:28 2003
+++ autorespond/Makefile	Mon Aug 18 14:47:56 2003
@@ -7,6 +7,7 @@
 
 PORTNAME=	autorespond
 PORTVERSION=	2.0.3
+PORTREVISION=	1
 CATEGORIES=	mail
 MASTER_SITES=	http://www.inter7.com/devel/
 
@@ -14,7 +15,7 @@
 PATCHFILES=	${DISTNAME}-conf-strcasestr.patch
 
 MAINTAINER=	roam@FreeBSD.org
-COMMENT=	"Simple autoresponder for qmail"
+COMMENT=	Simple autoresponder for qmail
 
 post-patch:
 	${ECHO_CMD} "${CC} ${CFLAGS}" > ${WRKSRC}/conf-cc
diff -ruN autorespond.orig/files/patch-autorespond.c autorespond/files/patch-autorespond.c
--- autorespond.orig/files/patch-autorespond.c	Thu Jan  1 01:00:00 1970
+++ autorespond/files/patch-autorespond.c	Mon Aug 18 14:47:36 2003
@@ -0,0 +1,11 @@
+--- autorespond.c.orig	Mon Aug 18 14:41:33 2003
++++ autorespond.c	Mon Aug 18 14:42:14 2003
+@@ -572,7 +572,7 @@
+ 	if ( *rpath == '$' )
+ 	{
+ 		rpath = safe_malloc( strlen(TheUser) + strlen(TheDomain) + 2);
+-		strncpy( rpath, TheUser, strlen(TheUser) );
++		strncpy( rpath, TheUser, strlen(TheUser) + 1 );
+ 		strncat( rpath, "@", 1 );
+ 		strncat( rpath, TheDomain, strlen(TheDomain) );
+ 	}
--- autorespond.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308181256.h7ICuBTd001557>