Little patch for graphics/gif2png, prodded by http://article.gmane.org/gmane.comp.security.full-disclosure/70757
Best regards, Jona -- Worse is better Richard P. Gabriel
$OpenBSD$
--- gif2png.c.orig Fri May 10 16:06:02 2002
+++ gif2png.c Sun Dec 13 20:33:25 2009
@@ -697,24 +697,24 @@ int processfile(char *fname, FILE *fp)
 /* create output filename */
- strcpy(outname, fname);
+ strlcpy(outname, fname, sizeof(outname));
 file_ext = outname+strlen(outname)-4;
 if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 &&
- strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
- /* try to derive basename */
- file_ext = outname+strlen(outname);
- while(file_ext >= outname) {
- if (*file_ext == '.' || *file_ext == '/' || *file_ext == '\\') break;
- file_ext--;
- }
- if (file_ext<outname || *file_ext != '.') {
- /* as a last resort, just add .png to the filename */
- file_ext = outname+strlen(outname);
- }
+ strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
+ /* try to derive basename */
+ file_ext = outname+strlen(outname);
+ while(file_ext >= outname) {
+ if (*file_ext == '.' || *file_ext == '/' || *file_ext == '\\') break;
+ file_ext--;
 }
+ if (file_ext<outname || *file_ext != '.') {
+ /* as a last resort, just add .png to the filename */
+ file_ext = outname+strlen(outname);
+ }
+ }
- strcpy(file_ext, ".png"); /* images are named .png, .p01, .p02, ... */
+ strlcpy(file_ext, ".png", outname - file_ext); /* images are named .png, .p01, .p02, ... */
 start = NULL;
@@ -732,7 +732,7 @@ int processfile(char *fname, FILE *fp)
 fclose(fp);
 ++numpngs;
 start = NULL;
- sprintf(file_ext, ".p%02d", i);
+ snprintf(file_ext, outname - file_ext,".p%02d", i);
 }
 }
 }
@@ -898,10 +898,10 @@ int main(int argc, char *argv[])
 }
 } else {
 for (i = ac;i<argc; i++) {
- strcpy(name, argv[i]);
+ strlcpy(name, argv[i], sizeof(name));
 if ((fp = fopen(name, "rb")) == NULL) {
 /* retry with .gif appended */
- strcat(name, ".gif");
+ strlcat(name, ".gif", sizeof(name));
 fp = fopen(name,"rb");
 }
 if (fp == NULL) {
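Review bot: The size argument in `strlcpy(file_ext, ".png", outname - file_ext)` is inverted. `file_ext` points at or past `outname` here, so the difference is zero or negative, and as a `size_t` it becomes 0 or a huge value; the call either writes nothing or is effectively unbounded. The space left is counted from the end of the buffer: `strlcpy(file_ext, ".png", sizeof(outname) - (size_t)(file_ext - outname));`. The `snprintf` in the -732 hunk has the same defect and needs `snprintf(file_ext, sizeof(outname) - (size_t)(file_ext - outname), ".p%02d", i);`. This assumes `outname` is an array, as the first added line implies; its declaration is outside the hunk. Separately, the unchanged `file_ext = outname+strlen(outname)-4;` still points before the buffer for names shorter than four characters.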
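Review bot: The return values of `strlcpy(name, argv[i], sizeof(name))` and `strlcat(name, ".gif", sizeof(name))` are ignored, so an over-long argument is silently truncated and `fopen` is then tried on a different path than the one given on the command line. Both functions return the length they tried to create, so truncation can be caught with `if (strlcpy(name, argv[i], sizeof(name)) >= sizeof(name))` and the argument rejected with an error before the `fopen`. The same check applies to `strlcpy(outname, fname, sizeof(outname))` in the first hunk. `sizeof(name)` is the buffer size only if `name` is an array; its declaration and the rest of the loop body are outside the hunk.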