void-packages/srcpkgs/hfsprogs/patches/fix-potential-buffer-overflow.patch

Source: pullmoll
Upstream: no (feel free to suggest)
Reason: use snprintf to avoid potential buffer overruns and fix mis-typed != compare

--- fsck_hfs.tproj/utilities.c
+++ fsck_hfs.tproj/utilities.c
@@ -221,14 +221,12 @@
 	if ((dp = strrchr(name, '/')) == 0)
 		return (0);
 	*dp = 0;
-	(void)strncpy(rawbuf, name, sizeof(rawbuf));
-	*dp = '/';
 #if LINUX
-	(void)strncat(rawbuf, "/", sizeof(rawbuf));
+	snprintf(rawbuf, sizeof(rawbuf), "%s/%s", name, dp + 1);
 #else
-	(void)strncat(rawbuf, "/r", sizeof(rawbuf));
+	snprintf(rawbuf, sizeof(rawbuf), "%s/r%s", name, dp + 1);
 #endif
-	(void)strncat(rawbuf, &dp[1], sizeof(rawbuf));
+	*dp = '/';
 
 	return (rawbuf);
 }
--- fsck_hfs.tproj/dfalib/SControl.c
+++ fsck_hfs.tproj/dfalib/SControl.c
@@ -321,9 +321,7 @@
 	dataArea.DrvNum				= fsReadRef;
 	dataArea.liveVerifyState 	= liveMode;
 	dataArea.scanCount		= scanCount;
-    	if (strncpy(dataArea.deviceNode, rdevnode, sizeof(dataArea.deviceNode)) != strlen(rdevnode)) {
-		dataArea.deviceNode[0] = '\0';
-	}
+    	snprintf(dataArea.deviceNode, sizeof(dataArea.deviceNode), "%s", rdevnode);
     	
     /* there are cases where we cannot get the name of the volume so we */
     /* set our default name to one blank */