Submitted By: Bruce Dubbs Date: 2010-05-02 Initial Package Version: 1.22 Upstream Status: Submitted Origin: http://wiki.linuxfromscratch.org/lfs/ticket/2651 Description: Fixes a buffer overflow when creating archives when built by gcc-4.5
diff -urNp tar-1.22-orig/src/create.c tar-1.22/src/create.c
--- tar-1.22-orig/src/create.c 2009-07-09 18:38:37.000000000 +0200
+++ tar-1.22/src/create.c 2009-07-09 18:43:44.000000000 +0200
@@ -578,7 +578,10 @@ write_gnu_long_link (struct tar_stat_inf
 GNAME_TO_CHARS (tmpname, header->header.gname);
 free (tmpname);
- strcpy (header->header.magic, OLDGNU_MAGIC);
+ /* OLDGNU_MAGIC is string with 7 chars + NULL */
+ strncpy (header->header.magic, OLDGNU_MAGIC, sizeof(header->header.magic));
+ strncpy (header->header.version, OLDGNU_MAGIC+sizeof(header->header.magic),
+ sizeof(header->header.version));
 header->header.typeflag = type;
 finish_header (st, header, -1);
@@ -908,9 +911,13 @@ start_header (struct tar_stat_info *st)
 break;
 case OLDGNU_FORMAT:
- case GNU_FORMAT: /*FIXME?*/
- /* Overwrite header->header.magic and header.version in one blow. */
- strcpy (header->header.magic, OLDGNU_MAGIC);
+ case GNU_FORMAT:
+ /* OLDGNU_MAGIC is string with 7 chars + NULL */
+ strncpy (header->header.magic, OLDGNU_MAGIC,
+ sizeof(header->header.magic));
+ strncpy (header->header.version,
+ OLDGNU_MAGIC+sizeof(header->header.magic),
+ sizeof(header->header.version));
 break;
 case POSIX_FORMAT:
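Review bot: Both strncpy pairs (in write_gnu_long_link and again under `case GNU_FORMAT:` in start_header) stay in bounds only because OLDGNU_MAGIC is exactly as long as magic plus version; `OLDGNU_MAGIC+sizeof(header->header.magic)` would point past the literal if the macro were ever shorter, and nothing visible enforces that. These are fixed-width header fields rather than C strings, so `memcpy (header->header.magic, OLDGNU_MAGIC, sizeof header->header.magic);` followed by `memcpy (header->header.version, OLDGNU_MAGIC + sizeof header->header.magic, sizeof header->header.version);` states the intent more plainly than strncpy, whose non-terminating behaviour is relied on silently for magic. Either form should be paired with a compile-time check that `sizeof OLDGNU_MAGIC` equals the two field sizes combined. The added comment should state that invariant and say that magic is deliberately left unterminated, and "NULL" there should read "NUL". Both functions start and end outside their hunks, so this is based on the visible lines only.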