Package: apt-spy
Severity: normal
Tags: patch

file.c has:
        strncat(new_name, ".bak", namesize + 5);

but this seems to be a misinterpretation of how strncat() works.
strcat() is perfectly fine to use here, and the sizes are all right.
If strncat is to be used, then the third parameter should be 4.

The strncpy() is also not necessary; strcpy is sufficient.

I'm including a patch which uses sprintf.  snprintf is also available;
you could use it if you wanted to be perfectly pedantic.

        /* size is the allocated size of new_name (namesize + 5) */
        int ret=snprintf(new_name, size, "%s.bak", orig_file);
        if (ret<0 || ret>=size) {
                // Error.
        }

Since this is a programming error, it could even be a simple assert
statement.

Justin
diff -ur apt-spy-3.1/file.c apt-spy-3.1.jp2/file.c
--- apt-spy-3.1/file.c  2005-07-08 20:48:09.000000000 -0400
+++ apt-spy-3.1.jp2/file.c      2005-07-08 21:50:28.000000000 -0400
@@ -145,10 +145,7 @@
 
        /* We need to create the new filename. */
        new_name = malloc(namesize + 5);
-       strncpy(new_name, orig_file, namesize + 1);
-
-       /* We append ".bak" to the end of the backup file */
-       strncat(new_name, ".bak", namesize + 5);
+       sprintf(new_name, "%s.bak", orig_file);
 
        out_file = fopen(new_name, "w");
        
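Review bot: The result of malloc(namesize + 5) goes straight into sprintf() with no NULL check, and sprintf() is unbounded, so the write stays inside the allocation only if namesize is at least strlen(orig_file), which this hunk does not show. Suggest testing new_name for NULL and using snprintf(new_name, namesize + 5, "%s.bak", orig_file) with the return value checked (ret < 0 || ret >= namesize + 5), as the report text itself proposes, so a mismatch between namesize and the actual string length becomes a detected error rather than a heap overflow.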

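The strncat() length argument and the snprintf() return check discussed in the report, as an added example that is not part of the original message or of apt-spy. The helper names `make_backup_name` and `append_bak_strncat` and the sample path are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from apt-spy): build "<orig>.bak" in buf.
 * Returns 0 on success, -1 if the result would not fit in bufsize. */
int make_backup_name(char *buf, size_t bufsize, const char *orig)
{
    int ret = snprintf(buf, bufsize, "%s.bak", orig);
    /* snprintf returns the length it wanted to write, excluding the NUL;
     * ret >= bufsize means the output was truncated. */
    if (ret < 0 || (size_t)ret >= bufsize)
        return -1;
    return 0;
}

/* Same result with strncat. The third argument limits how many bytes are
 * taken from the source; it is not the size of the destination, so it
 * must be computed from the space still free in buf. */
int append_bak_strncat(char *buf, size_t bufsize, const char *orig)
{
    size_t len = strlen(orig);
    if (len + sizeof(".bak") > bufsize)   /* sizeof counts the NUL */
        return -1;
    memcpy(buf, orig, len + 1);
    strncat(buf, ".bak", bufsize - strlen(buf) - 1);
    return 0;
}

int main(void)
{
    const char *orig = "/etc/apt/sources.list"; /* constructed sample path */
    size_t size = strlen(orig) + 5;             /* sizing as in the patch: namesize + 5 */
    char *name = malloc(size);
    if (name == NULL)
        return 1;
    if (make_backup_name(name, size, orig) == 0)
        printf("%s\n", name);
    free(name);
    return 0;
}
```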