Submitted By:            Randy McMurchy <randy_at_linuxfromscratch_dot_org>
Date:                    2004-11-30
Initial Package Version: 4.2.1
Upstream Status:         Not submitted (others have tried but the package
                         maintainers don't reply)
Origin:                  http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=909
Description:             Fixes buffer-overrun vulnerability in the shar utility

diff -Naur sharutils-4.2.1-orig/src/shar.c sharutils-4.2.1/src/shar.c
--- sharutils-4.2.1-orig/src/shar.c	1999-09-10 19:20:41.000000000 +0000
+++ sharutils-4.2.1/src/shar.c	2004-11-30 18:19:55.938349824 +0000
@@ -1905,7 +1905,7 @@
 	break;
 
       case 'o':
-	strcpy (output_base_name, optarg);
+	strncpy (output_base_name, optarg, sizeof(output_base_name));
 	if (!strchr (output_base_name, '%'))
 	  strcat (output_base_name, ".%02d");
 	part_number = 0;
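Review bot: The `strncpy` call in the `case 'o':` branch can still leave `output_base_name` unterminated, because an `optarg` of `sizeof(output_base_name)` bytes or more fills the buffer without a NUL, and the `strchr` and `strcat` on the next two lines then run past its end. Even a terminated copy that nearly fills the buffer is overrun by the six bytes (`".%02d"` and its terminator) that `strcat` appends. Bounding the copy to leave that room and terminating explicitly closes both, e.g. `strncpy (output_base_name, optarg, sizeof(output_base_name) - 6);` followed by `output_base_name[sizeof(output_base_name) - 6] = '\0';`, or rejecting an over-long name with an error instead of truncating silently. This assumes `output_base_name` is a char array rather than a pointer; its declaration is outside the hunk, as is the rest of the option switch.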
