Steve Grubb writes:

Hello,

I found and patched 2 more bugs. The first is a misplaced semi-colon. The second
one is a buffer overflow. I doubt the buffer overflow is triggered in real life.
But you never know what those wily hackers are up to.

Thanks,
Steve Grubb

diff --git a/archival/tar.c b/archival/tar.c
index 9d50a101d3b1eae615b251c0a23eab936bf5a44a..efdc4658765f551a439c1453270e9a877d7d865f 100644 (file)
--- a/archival/tar.c
+++ b/archival/tar.c
@@ -477,8 +477,8 @@ static inline int writeTarFile(const int tar_fd, const int verboseFlag,
                        dup2(gzipDataPipe[0], 0);
                        close(gzipDataPipe[1]);
 
-                       if (tbInfo.tarFd != 1);
-                       dup2(tbInfo.tarFd, 1);
+                       if (tbInfo.tarFd != 1)
+                               dup2(tbInfo.tarFd, 1);
 
                        close(gzipStatusPipe[0]);
                        fcntl(gzipStatusPipe[1], F_SETFD, FD_CLOEXEC);  /* close on exec shows sucess */

diff --git a/coreutils/dos2unix.c b/coreutils/dos2unix.c
index a21ed5bc3cb943105331036db39ce381e670cd9c..c8cebcec70cbb2956e69a8adbde44c910ccfcfe7 100644 (file)
--- a/coreutils/dos2unix.c
+++ b/coreutils/dos2unix.c
@@ -64,7 +64,7 @@ static int convert(char *fn, int ConvType)
                c = strlen(tempFn);
                tempFn[c] = '.';
                while(1) {
-                   if (c >=BUFSIZ)
+                   if (c >=BUFSIZ-2)
                        bb_error_msg_and_die("unique name not found");
                    /* Get some semi random stuff to try and make a
                     * random filename based (and in the same dir as)