CVE: CVE-2022-48554 Upstream-Status: Backport [ https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ] Signed-off-by: Lee Chee Yang From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001 From: Christos Zoulas Date: Mon, 14 Feb 2022 16:26:10 +0000 Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it will try to scan the source string to find out how much space is needed the source string might not be NUL terminated. --- src/funcs.c | 11 +++++++---- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/funcs.c b/src/funcs.c index 89e1da597..dcfd352d2 100644 --- a/src/funcs.c +++ b/src/funcs.c @@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.124 2022/01/10 14:15:08 christos Exp $") protected char * file_copystr(char *buf, size_t blen, size_t width, const char *str) { - if (++width > blen) - width = blen; - strlcpy(buf, str, width); + if (blen == 0) + return buf; + if (width >= blen) + width = blen - 1; + memcpy(buf, str, width); + buf[width] = '\0'; return buf; }