[DragonFlyBSD - Bug #1753] (In Progress) ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)

bugtracker-admin at leaf.dragonflybsd.org
Mon Jan 19 05:26:53 PST 2015


Issue #1753 has been updated by tuxillo.

Description updated
Category set to Userland
Status changed from New to In Progress
Assignee deleted (0)
Target version set to 4.2.x

Hi,

Still relevant, moving to Submit.

Cheers,
Antonio Huete

----------------------------------------
Bug #1753: ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
http://bugs.dragonflybsd.org/issues/1753#change-12526

* Author: vsrinivas
* Status: In Progress
* Priority: Normal
* Assignee: 
* Category: Userland
* Target version: 4.2.x
----------------------------------------
FreeBSD commit notes:

"fix a buffer overflow with large (100k+) number of input lines."

--- /usr/src/sbin/ipfw/ipfw2.c	2010-02-23 09:32:26 -0800
+++ ipfw2.c	2010-04-29 23:36:44 -0700
@@ -3494,7 +3494,7 @@
 #define WHITESP		" \t\f\v\n\r"
 	char	buf[BUFSIZ];
 	char	*a, *p, *args[MAX_ARGS], *cmd = NULL;
-	char	linename[10];
+	char	linename[20];
 	int	i=0, lineno=0, qflag=0, pflag=0, status;
 	FILE	*f = NULL;
 	pid_t	preproc = 0;
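Review bot: The new size in "char linename[20];" is a bare constant with no stated link to the "Line %d" format that fills it, so a later change to the format or to the type of lineno could reintroduce the overflow unnoticed. Assuming a 32-bit int, "Line " takes 5 bytes, %d takes at most 11 characters (sign plus 10 digits) and the terminator 1, so 17 bytes are needed and 20 is sufficient; a one-line comment stating that calculation next to the declaration would document why 20 was chosen. For reference, the old 10-byte buffer only had room for "Line " plus four digits and the terminator.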
@@ -3586,7 +3586,7 @@
 
 	while (fgets(buf, BUFSIZ, f)) {
 		lineno++;
-		sprintf(linename, "Line %d", lineno);
+		snprintf(linename, sizeof(linename), "Line %d", lineno);
 		args[0] = linename;
 
 		if (*buf == '#')
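Review bot: The return value of the snprintf() call on the "+" line is discarded, so a truncated label would be passed on silently through args[0] if the buffer and format ever stop matching. With the 20-byte buffer from the first hunk truncation cannot occur for a 32-bit int, so this is a robustness point rather than a remaining bug; checking for a return value >= sizeof(linename) would make the assumption explicit. Using sizeof(linename) as the bound is correct here only because linename is an array declared in the same function; that would break quietly if it were ever changed to a pointer.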


