[DragonFlyBSD - Bug #1753] (In Progress) ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
bugtracker-admin at leaf.dragonflybsd.org
bugtracker-admin at leaf.dragonflybsd.org
Mon Jan 19 05:26:53 PST 2015
Issue #1753 has been updated by tuxillo.
Description updated
Category set to Userland
Status changed from New to In Progress
Assignee deleted (0)
Target version set to 4.2.x
Hi,
Still relevant, moving to Submit.
Cheers,
Antonio Huete
----------------------------------------
Bug #1753: ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
http://bugs.dragonflybsd.org/issues/1753#change-12526
* Author: vsrinivas
* Status: In Progress
* Priority: Normal
* Assignee:
* Category: Userland
* Target version: 4.2.x
----------------------------------------
FreeBSD commit notes:
"fix a buffer overflow with large (100k+) number of input lines."
--- /usr/src/sbin/ipfw/ipfw2.c 2010-02-23 09:32:26 -0800
+++ ipfw2.c 2010-04-29 23:36:44 -0700
@@ -3494,7 +3494,7 @@
#define WHITESP " \t\f\v\n\r"
char buf[BUFSIZ];
char *a, *p, *args[MAX_ARGS], *cmd = NULL;
- char linename[10];
+ char linename[20];
int i=0, lineno=0, qflag=0, pflag=0, status;
FILE *f = NULL;
pid_t preproc = 0;
@@ -3586,7 +3586,7 @@
while (fgets(buf, BUFSIZ, f)) {
lineno++;
- sprintf(linename, "Line %d", lineno);
+ snprintf(linename, sizeof(linename), "Line %d", lineno);
args[0] = linename;
if (*buf == '#')
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
More information about the Bugs
mailing list