
#9 Security - if you use "extern" filters, simple changes

open
nobody
None
9
2004-12-19
2004-12-19
Nate E
No

There is a possible externally exploitable security
problem if you use "extern" filters. Either stop using
them or apply these simple changes and re-compile
NapShare. It's a buffer overflow thing that was
overlooked, sorry.

This applies to all versions of NapShare, please check
your code ASAP.

It does not apply to the MUTE version of NapShare (no
extern filters).

This problem could only happen if you use "extern"
filters and someone needs to reformat search results
sent back to you.

At about line 201 in "auto.c" change it to use "strncpy"
instead of the more dangerous "strcpy" (unlimited copy
from an outside source is a bad thing, sorry). The 4000
number allows us to add in some more data later on.

change
strcpy(filename, rc->name);
to read
strncpy(filename, rc->name, 4000);

And just in case, change line 222 also

change
strcpy (tmp, string); // start to build the command line
to
strncpy (tmp, string, 5000); // start to build the command line
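
A caveat on the strncpy changes above, shown as an added example that is not part of the original ticket or of NapShare's code: strncpy writes no terminating NUL when the source is at least as long as the count, so a bounded copy still needs explicit termination and a count no larger than the destination. The helper name copy_bounded, the buffer sizes and the sample file name are assumptions; the real sizes of "filename" and "tmp" in auto.c are not shown on the page.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not NapShare code): copy src into dst, which holds
 * dstsize bytes. Always NUL-terminates. Returns 0 if src fit, -1 if it was
 * truncated or an argument was unusable. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    len = strlen(src);
    if (len >= dstsize) {               /* too long: keep what fits */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);          /* fits, including the NUL */
    return 0;
}

/* Returns 1 if strncpy(buf, src, n) leaves no NUL in the first n bytes. */
int strncpy_left_unterminated(const char *src, size_t n)
{
    char buf[64];

    if (n > sizeof buf)
        n = sizeof buf;
    memset(buf, 'X', sizeof buf);       /* simulate stale stack contents */
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) == NULL;
}

int main(void)
{
    char filename[16];                  /* constructed size, for illustration */
    const char *remote = "a_very_long_name_from_a_search_result.mp3"; /* constructed */

    printf("strncpy unterminated: %d\n",
           strncpy_left_unterminated(remote, sizeof filename));
    if (copy_bounded(filename, sizeof filename, remote) != 0)
        printf("name truncated to \"%s\"\n", filename);
    return 0;
}
```

A caller that gets -1 back can drop the search result instead of passing a truncated name on to the filter command line.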
