DragonFly bugs List (threaded) for 2010-04
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

[issue1753] ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)

From:	"Venkatesh Srinivas \(via DragonFly issue tracker\)" <sinknull@xxxxxxxxxxxxxxxxxxxxx>
Date:	Fri, 30 Apr 2010 06:39:22 +0000

New submission from Venkatesh Srinivas <me@acm.jhu.edu>:

FreeBSD commit notes:

"fix a buffer overflow with large (100k+) number of input lines."

--- /usr/src/sbin/ipfw/ipfw2.c	2010-02-23 09:32:26 -0800
+++ ipfw2.c	2010-04-29 23:36:44 -0700
@@ -3494,7 +3494,7 @@
 #define WHITESP		" \t\f\v\n\r"
 	char	buf[BUFSIZ];
 	char	*a, *p, *args[MAX_ARGS], *cmd = NULL;
-	char	linename[10];
+	char	linename[20];
 	int	i=0, lineno=0, qflag=0, pflag=0, status;
 	FILE	*f = NULL;
 	pid_t	preproc = 0;
@@ -3586,7 +3586,7 @@
 
 	while (fgets(buf, BUFSIZ, f)) {
 		lineno++;
-		sprintf(linename, "Line %d", lineno);
+		snprintf(linename, sizeof(linename), "Line %d", lineno);
 		args[0] = linename;
 
 		if (*buf == '#')

----------
messages: 8540
nosy: vsrinivas
status: unread
title: ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)

_____________________________________________________
DragonFly issue tracker <bugs@lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1753>
_____________________________________________________

Follow-Ups:
- [issue1753] ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
  - From: "Venkatesh Srinivas \(via DragonFly issue tracker\)" <sinknull@leaf.dragonflybsd.org>

References:
- [issue1753] ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
  - From: "Venkatesh Srinivas \(via DragonFly issue tracker\)" <sinknull@leaf.dragonflybsd.org>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]