[DragonFlyBSD - Bug #3012] (Closed) sys/net/libalias, usr.sbin/cdcontrol and usr.sbin/ppp

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Mon Apr 10 22:31:26 PDT 2017

Issue #3012 has been updated by dillon.

Status changed from New to Closed

Fix some minor issues.  The overflows in cdcontrol.c and ppp/link.c do not appear to be exploitable (and the programs are hardly ever used by anyone).

Fix committed by Matt

Bug #3012: sys/net/libalias, usr.sbin/cdcontrol and usr.sbin/ppp

* Author: dcb
* Status: Closed
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 

dragonfly/sys/net/libalias/alias_irc.c:98] -> [dragonfly/sys/net/libalias/alias_irc.c:98]: (style) Same expression on both sides of '||'.

Source code is

    if (ah->dport == NULL || ah->dport == NULL || ah->lnk == NULL ||
        ah->maxpktsize == 0)

Possible missing mention of sport ?


usr.sbin/cdcontrol/cdcontrol.c:1176: (error) Array 'buf[80]' accessed at index 80, which is out of bounds.

     buf[len] = 0;

Maybe better code

     buf[len - 1] = 0;


usr.sbin/ppp/link.c:199]: (error) Array 'l.proto_in[13]' accessed at index 13, which is out of bounds.

Source code is

  for (i = 0; i < NPROTOSTAT; i++)
    if (ProtocolStat[i].number == proto)

  if (type == PROTO_IN)

There doesn't seem to be any code here to deal with the case that 
i is out of range, because we don't find what we are looking for.

You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

More information about the Bugs mailing list