bzip2recover: Fix buffer overflow for large argv[0]. bzip2recover.c (main) copies argv[0] to a statically sized buffer without checking whether argv[0] might be too big (> 2000 chars). This patch comes from Fedora and was originally reported at https://bugzilla.redhat.com/show_bug.cgi?id=226979

commit: 833548edc0eb4af85ce8da193835f0f31a6c300f [log] [tgz]
author: Mark Wielaard <mark@klomp.org> Mon Jun 24 00:14:02 2019 +0200
committer: Mark Wielaard <mark@klomp.org> Mon Jun 24 00:14:06 2019 +0200
tree: 0e7937211f4e0a6b278288b8aa82bc247a87b40f
parent: 02fe3ca2349e45eee6dff6ca46bf9a9187f382c5 [diff]
diff --git a/bzip2recover.c b/bzip2recover.c
index 06ac1f5..1a70e04 100644
--- a/bzip2recover.c
+++ b/bzip2recover.c

@@ -309,7 +309,8 @@
    UInt32      buffHi, buffLo, blockCRC;
    Char*       p;
 
-   strcpy ( progName, argv[0] );
+   strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
+   progName[BZ_MAX_FILENAME-1]='\0';
    inFileName[0] = outFileName[0] = 0;
 
    fprintf ( stderr,
commit	833548edc0eb4af85ce8da193835f0f31a6c300f	[log] [tgz]
author	Mark Wielaard <mark@klomp.org>	Mon Jun 24 00:14:02 2019 +0200
committer	Mark Wielaard <mark@klomp.org>	Mon Jun 24 00:14:06 2019 +0200
tree	0e7937211f4e0a6b278288b8aa82bc247a87b40f
parent	02fe3ca2349e45eee6dff6ca46bf9a9187f382c5 [diff]