[star] fix another instance of buffer overflow for files with long names(#632384)

Tue Sep 14 14:04:24 UTC 2010

commit 22dfc15b4112e4b0fba7e1fae035804a88119f4d
Author: Ondřej Vašík <ovasik at redhat.com>
Date:   Tue Sep 14 16:04:21 2010 +0200

    fix another instance of buffer overflow for files with long names(#632384)

 star-1.5.1-bufferoverflow.patch |    9 +++++++++
 star.spec                       |    6 +++++-
 2 files changed, 14 insertions(+), 1 deletions(-)
---

diff --git a/star-1.5.1-bufferoverflow.patch b/star-1.5.1-bufferoverflow.patch
index ef5f51c..a37bd19 100644
--- a/star-1.5.1-bufferoverflow.patch
+++ b/star-1.5.1-bufferoverflow.patch
@@ -10,3 +10,12 @@ diff -urNp star-1.5.1-orig/star/longnames.c star-1.5.1/star/longnames.c
  		return (TRUE);
  	}
  
+@@ -198,7 +198,7 @@ name_to_tcb(info, ptb)
+ 	if (add)
+ 		strcatl(ptb->dbuf.t_name, &np[1], "/", (char *)NULL);
+ 	else
+-		strcpy(ptb->dbuf.t_name, &np[1]);
++		strncpy(ptb->dbuf.t_name, &np[1], props.pr_maxsname);
+ 	strncpy(ptb->dbuf.t_prefix, name, np - name);
+ 	info->f_flags |= F_SPLIT_NAME;
+ 	return (TRUE); 
diff --git a/star.spec b/star.spec
index fcc1d95..52d0a7d 100644
--- a/star.spec
+++ b/star.spec
@@ -4,7 +4,7 @@
 Summary:  An archiving tool with ACL support
 Name: star
 Version: 1.5.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL: http://cdrecord.berlios.de/old/private/star.html
 Source: ftp://ftp.berlios.de/pub/star/%{name}-%{version}.tar.bz2
 
@@ -118,6 +118,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man4/star.4*
 
 %changelog
+* Tue Sep 14 2010 Ondrej Vasik <ovasik at redhat.com> 1.5.1-4
+- fix another instance of buffer overflow for files with
+  long names(#632384)
+
 * Tue Aug 17 2010 Ondrej Vasik <ovasik at redhat.com> 1.5.1-3
 - Fix some invalid manpage references (#624612)
 - ship star.4 manpage with star format description
