thttpd/thttpd-2.25b-overflow.diff

Index: extras/htpasswd.c
===================================================================
--- extras/htpasswd.c.orig	2014-09-03 09:40:24.741007309 +0200
+++ extras/htpasswd.c	2014-09-03 09:42:47.188597773 +0200
@@ -184,15 +184,17 @@ int main(int argc, char *argv[]) {
         fprintf(stderr,"Use -c option to create new one.\n");
         exit(1);
     }
-    strcpy(user,argv[2]);
 
+    strncpy(user,argv[2],MAX_STRING_LEN);
+    user[MAX_STRING_LEN-1]='\0';
     found = 0;
     while(!(my_getline(line,MAX_STRING_LEN,f))) {
         if(found || (line[0] == '#') || (!line[0])) {
             putline(tfp,line);
             continue;
         }
-        strcpy(l,line);
+        strncpy(l,line,MAX_STRING_LEN);
+        l[MAX_STRING_LEN-1]='\0';
         getword(w,l,':');
         if(strcmp(user,w)) {
             putline(tfp,line);
@@ -210,7 +212,8 @@ int main(int argc, char *argv[]) {
     }
     fclose(f);
     fclose(tfp);
-    sprintf(command,"cp %s %s",temp_template,argv[1]);
+    snprintf(command,MAX_STRING_LEN,"cp %s %s",temp_template,argv[1]);
+    command[MAX_STRING_LEN-1]='\0';
     system(command);
     unlink(temp_template);
     exit(0);