37 lines
938 B
Diff
37 lines
938 B
Diff
From 30db6ce78e7c4b96b977320e4d16555a93401c8d Mon Sep 17 00:00:00 2001
|
|
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
|
|
Date: Tue, 22 Jun 2021 09:02:00 +0000
|
|
Subject: [PATCH] Fix [bad6cc213d]: A format string vulnerability in Tcl
|
|
nmakehelp.c allows code execution via a crated file. Also change a memcpy()
|
|
to a memmove(), because the range could be overlapping
|
|
|
|
---
|
|
win/nmakehlp.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/win/nmakehlp.c b/win/nmakehlp.c
|
|
index 7536ede..4021346 100644
|
|
--- a/win/nmakehlp.c
|
|
+++ b/win/nmakehlp.c
|
|
@@ -537,7 +537,7 @@ GetVersionFromFile(
|
|
++q;
|
|
}
|
|
|
|
- memcpy(szBuffer, p, q - p);
|
|
+ memmove(szBuffer, p, q - p);
|
|
szBuffer[q-p] = 0;
|
|
szResult = szBuffer;
|
|
break;
|
|
@@ -674,7 +674,7 @@ SubstituteFile(
|
|
memcpy(szBuffer, szCopy, sizeof(szCopy));
|
|
}
|
|
}
|
|
- printf(szBuffer);
|
|
+ printf("%s", szBuffer);
|
|
}
|
|
|
|
list_free(&substPtr);
|
|
--
|
|
1.8.3.1
|
|
|