DragonFly commits List (threaded) for 2006-12
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
cvs commit: src/sbin/ifconfig ifieee80211.c
| From: | Sepherosa Ziehau <sephe@xxxxxxxxxxxxxxxxxxxxxxx> |
| Date: | Fri, 8 Dec 2006 06:25:07 -0800 (PST) |
sephe 2006/12/08 06:25:07 PST
DragonFly src repository
Modified files:
sbin/ifconfig ifieee80211.c
Log:
Fix a stack overflow in ifconfig(8).
The stack overflow happens, if "-" is passed as the argument to 'ssid' or
'wepkey' commands. The offender is ifieee80211.c:get_string()'s "-" special
handling:
...
len = p - buf;
/* The string "-" is treated as the empty string. */
if (!hexstr && len == 1 && buf[0] == '-')
len = 0;
if (len < *lenp)
memset(p, 0, *lenp - len);
...
If the string is "-", the 'p' will be 1 byte beyound 'buf' and 'len' is set to
0. 'len' must be less than '*lenp' here, so memset() will be called. But the
length, used to clear the buffer, is 1 byte larger the buffer pointed by 'p'
Revision Changes Path
1.17 +2 -2 src/sbin/ifconfig/ifieee80211.c
http://www.dragonflybsd.org/cvsweb/src/sbin/ifconfig/ifieee80211.c.diff?r1=1.16&r2=1.17&f=u
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]