From ead6f371167d52e32354ce298cc1b318ae1b8264 Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Fri, 8 May 2026 05:40:09 +0000
Subject: [PATCH] fix: V-002 security vulnerability Automated security fix generated by Orbis Security AI
---
 contrib/cpukit/zlib/contrib/untgz/untgz.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/contrib/cpukit/zlib/contrib/untgz/untgz.c b/contrib/cpukit/zlib/contrib/untgz/untgz.c
index 78579211fec..d343c363465 100644
--- a/contrib/cpukit/zlib/contrib/untgz/untgz.c
+++ b/contrib/cpukit/zlib/contrib/untgz/untgz.c
@@ -133,12 +133,12 @@ char *TGZfname (const char *arcname)
 static char buffer[1024];
 int origlen,i;
- strcpy(buffer,arcname);
+ snprintf(buffer,sizeof(buffer),"%s",arcname);
 origlen = strlen(buffer);
 for (i=0; TGZsuffix[i]; i++)
 {
- strcpy(buffer+origlen,TGZsuffix[i]);
+ snprintf(buffer+origlen,sizeof(buffer)-origlen,"%s",TGZsuffix[i]);
 if (access(buffer,F_OK) == 0)
 return buffer;
 }
@@ -193,9 +193,9 @@ char *strtime (time_t *t)
 static char result[32];
 local = localtime(t);
- sprintf(result,"%4d/%02d/%02d %02d:%02d:%02d",
- local->tm_year+1900, local->tm_mon+1, local->tm_mday,
- local->tm_hour, local->tm_min, local->tm_sec);
+ snprintf(result, sizeof(result), "%4d/%02d/%02d %02d:%02d:%02d",
+ local->tm_year+1900, local->tm_mon+1, local->tm_mday,
+ local->tm_hour, local->tm_min, local->tm_sec);
 return result;
 }
@@ -436,9 +436,7 @@ int tar (gzFile in,int action,int arg,int argc,char **argv)
 if (getheader == 1)
 {
- strncpy(fname,buffer.header.name,SHORTNAMESIZE);
- if (fname[SHORTNAMESIZE-1] != 0)
- fname[SHORTNAMESIZE] = 0;
+ snprintf(fname,SHORTNAMESIZE+1,"%s",buffer.header.name);
 }
 else
 {
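Review bot: In TGZfname both new snprintf() calls discard their return value, so an arcname of 1024 bytes or more is silently truncated and access() is then tested against a shortened path the caller never named. Treat truncation as failure instead: `int n = snprintf(buffer,sizeof(buffer),"%s",arcname);` followed by `if (n < 0 || (size_t)n >= sizeof(buffer)) return NULL;`, and skip any suffix whose snprintf result does not fit in `sizeof(buffer)-origlen`. The function's tail and its callers are outside the hunk, so confirm that a NULL return is already handled there.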
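Review bot: strtime still dereferences `local` without checking it; localtime() returns NULL when the time value cannot be represented, and the new bound on `result` does nothing for that path. A guard right after the call, `if (local == NULL) { result[0] = 0; return result; }`, keeps the function returning a valid string. Where `t` comes from is outside the hunk, but in an archive extractor it presumably derives from header data and should not be assumed to be in range.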
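Review bot: The replacement in tar() reads `buffer.header.name` with a plain `%s`, which needs a NUL-terminated source; the removed lines explicitly handled a name that fills all SHORTNAMESIZE bytes with no terminator, and for such a name snprintf keeps scanning past the field to compute its return value even though it stops writing. The removed strncpy never read more than SHORTNAMESIZE bytes, so this is an over-read the old code did not have. Bound the read with a precision: `snprintf(fname,SHORTNAMESIZE+1,"%.*s",SHORTNAMESIZE,buffer.header.name);`. The size argument is also hard-coded rather than taken from `fname`, whose declaration is outside the hunk, so confirm it holds at least SHORTNAMESIZE+1 bytes.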