From owner-cvs-usrbin  Wed Feb  5 14:58:53 1997
Return-Path: <owner-cvs-usrbin>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA19875
          for cvs-usrbin-outgoing; Wed, 5 Feb 1997 14:58:53 -0800 (PST)
Received: (from jgreco@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA19868;
          Wed, 5 Feb 1997 14:58:52 -0800 (PST)
Date: Wed, 5 Feb 1997 14:58:52 -0800 (PST)
From: Joe Greco <jgreco>
Message-Id: <199702052258.OAA19868@freefall.freebsd.org>
To: CVS-committers, cvs-all, cvs-usrbin
Subject: cvs commit:  src/usr.bin/modstat Makefile modstat.c
Sender: owner-cvs-usrbin@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

jgreco      97/02/05 14:58:51

  Branch:      usr.bin/modstat  RELENG_2_1_0
  Modified:    usr.bin/modstat  Makefile modstat.c
  Log:
  Fix an exploitable buffer overflow condition.  From l0pht:
  
  Modstat is sgid kmem which is really handy to become if you feel like
  looking through /dev/mem and /dev/kmem (gee, wonder what you might
  want to do that for ). Like just about everything else under the sun
  it has a buffer overflow problem. The problem exists in the dostat()
  routine where an arbitrary sized string is shoved into sbuf.name
  through a strcpy().
  
  <http://www.l0pht.com/advisories.html>
  
  This change was committed to 2.2 as rev. 1.4 of modstat.c by joerg, and is
  being duplicated verbatim in 2.1-STABLE -JG
  
  Revision  Changes    Path
  1.1.6.3   +1 -3      src/usr.bin/modstat/Makefile
  1.3.4.1   +3 -2      src/usr.bin/modstat/modstat.c