Prevent NULL truncation by strncpy

3 files changed, 25 insertions, 2 deletions

diff --git a/debian/changelog b/debian/changelog
index 75b8603..ecd4ae4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
-paexec (1.1.1-1) UNRELEASED; urgency=medium
+paexec (1.1.1-1) unstable; urgency=medium
 
   * New maintainer (closes: bug#939228).
   * New upstream release.
+  * Prevent NULL truncation by strncpy (closes: bug#925801)
 
- -- Alexander Ponyatykh <lazyranma@gmail.com>  Sat, 23 Nov 2019 20:19:51 +0300
+ -- Alexander Ponyatykh <lazyranma@gmail.com>  Sat, 23 Nov 2019 20:56:26 +0300
 
 paexec (1.1.0-1) unstable; urgency=medium
 
diff --git a/debian/patches/0001-prevent-null-truncation-by-strncpy.patch b/debian/patches/0001-prevent-null-truncation-by-strncpy.patch
new file mode 100644
index 0000000..1ad1e1b
--- /dev/null
+++ b/debian/patches/0001-prevent-null-truncation-by-strncpy.patch
@@ -0,0 +1,21 @@
+From: Alexander Ponyatykh <lazyranma@gmail.com>
+Date: Sat, 23 Nov 2019 20:53:58 +0300
+Subject: Prevent NULL truncation by strncpy
+
+---
+ paexec/paexec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/paexec/paexec.c b/paexec/paexec.c
+index 9a1f19d..6558f6f 100644
+--- a/paexec/paexec.c
++++ b/paexec/paexec.c
+@@ -271,7 +271,7 @@ static void init__read_graph_tasks (void)
+ 			--len;
+ 		}
+ 
+-		strncpy (buf_copy, buf, sizeof (buf_copy));
++		strncpy (buf_copy, buf, sizeof (buf_copy) - 1);
+ 
+ 		tok1 = tok2 = tok3 = tok = NULL;
+ 		tok_cnt = 0;
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..fd37091 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-prevent-null-truncation-by-strncpy.patch