[issue1753] ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
Venkatesh Srinivas (via DragonFly issue tracker)
sinknull at leaf.dragonflybsd.org
Thu Apr 29 23:40:26 PDT 2010
New submission from Venkatesh Srinivas <me at acm.jhu.edu>:
FreeBSD commit notes:
"fix a buffer overflow with large (100k+) number of input lines."
--- /usr/src/sbin/ipfw/ipfw2.c 2010-02-23 09:32:26 -0800
+++ ipfw2.c 2010-04-29 23:36:44 -0700
@@ -3494,7 +3494,7 @@
#define WHITESP " \t\f\v\n\r"
char buf[BUFSIZ];
char *a, *p, *args[MAX_ARGS], *cmd = NULL;
- char linename[10];
+ char linename[20];
int i=0, lineno=0, qflag=0, pflag=0, status;
FILE *f = NULL;
pid_t preproc = 0;
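Review bot: the new size in `char linename[20];` is a bare constant with no stated relation to the string it holds. The buffer is filled from the format "Line %d" with an int lineno, which for a 32-bit int needs at most 5 + 11 + 1 = 17 bytes, so 20 is sufficient. A short comment or a named constant recording that calculation would keep the size from drifting away from the format string later. For reference, the old 10-byte buffer could hold nothing longer than "Line 9999" plus the terminator.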
@@ -3586,7 +3586,7 @@
while (fgets(buf, BUFSIZ, f)) {
lineno++;
- sprintf(linename, "Line %d", lineno);
+ snprintf(linename, sizeof(linename), "Line %d", lineno);
args[0] = linename;
if (*buf == '#')
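Review bot: the return value of `snprintf(linename, sizeof(linename), "Line %d", lineno);` is discarded, so a truncated label would be passed on in args[0] without notice. With the 20-byte buffer from the first hunk, truncation cannot occur for a 32-bit int, so this is a robustness point rather than a remaining bug. Note also that sizeof(linename) is only correct while linename remains an array declared in this scope; if it ever becomes a pointer or a parameter, the bound silently shrinks to the pointer size.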
----------
messages: 8540
nosy: vsrinivas
status: unread
title: ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
_____________________________________________________
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1753>
_____________________________________________________