From 3926905111c12a62857712fb4c4db92272a9f3cd Mon Sep 17 00:00:00 2001 From: Michael Roitzsch Date: Thu, 22 Jul 2004 14:15:19 +0000 Subject: a broken CD might contain an unterminated label, which would have overrun the buffer; a label with '%' characters would have lead to a format string attack Rocky, can you merge this back to libcdio, please? CVS patchset: 6832 CVS date: 2004/07/22 14:15:19 --- src/input/vcd/libcdio/cd_types.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/input/vcd/libcdio/cd_types.c b/src/input/vcd/libcdio/cd_types.c index 047c8bb63..49ffc79e0 100644 --- a/src/input/vcd/libcdio/cd_types.c +++ b/src/input/vcd/libcdio/cd_types.c @@ -1,5 +1,5 @@ /* - $Id: cd_types.c,v 1.2 2004/04/11 12:20:31 miguelfreitas Exp $ + $Id: cd_types.c,v 1.3 2004/07/22 14:15:19 mroi Exp $ Copyright (C) 2003 Rocky Bernstein @@ -240,7 +240,7 @@ cdio_guess_cd_type(const CdIo *cdio, int start_session, track_t track_num, else ret = CDIO_FS_ISO_9660; iso_analysis->isofs_size = _cdio_get_iso9660_fs_sec_count(); - sprintf(iso_analysis->iso_label, buffer[0]+40); + snprintf(iso_analysis->iso_label, 33, "%s", buffer[0]+40); #if 0 if (_cdio_is_rockridge()) -- cgit v1.2.3