There is a chance that the input string is larger than size, and on VMS,

this wasn't checked and could possibly be exploitable (slim chance, but still)

diff --git a/apps/apps.c b/apps/apps.c
index e797796e30a988ff471331500c24e42cdecbab2f..aca750b1f0e8143eb86d90607836e3045e3a8db6 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -310,9 +310,16 @@ void program_name(char *in, char *out, int size)
 
        q=strrchr(p,'.');
        if (q == NULL)
-               q = in+size;
-       strncpy(out,p,q-p);
-       out[q-p]='\0';
+               q = p + strlen(p);
+       strncpy(out,p,size-1);
+       if (q-p >= size)
+               {
+               out[size-1]='\0';
+               }
+       else
+               {
+               out[q-p]='\0';
+               }
        }
 #else
 void program_name(char *in, char *out, int size)