Date: Tue, 7 Nov 2006 12:36:36 -0500 From: "Michael M. Press" <deathjestr@gmail.com> To: "Josh Carroll" <josh.carroll@psualum.com> Cc: freebsd-hackers@freebsd.org Subject: Re: sockstat tcp/udp switches Message-ID: <44b564930611070936n1e5d791em207ef6ae7b704b93@mail.gmail.com> In-Reply-To: <8cb6106e0611061517k62c9193fnbbfc8e36db328282@mail.gmail.com> References: <8cb6106e0610311058s7144d38bp2b1dafd114e2b433@mail.gmail.com> <8cb6106e0611021507n6315b629kad8cbbf901343c2@mail.gmail.com> <20061103021803.GC8508@kobe.laptop> <8cb6106e0611021834h17737556y4bb2fda39a4bfa0c@mail.gmail.com> <20061103024621.GB16445@kobe.laptop> <20061103024837.GB79357@lor.one-eyed-alien.net> <20061103025442.GB16543@kobe.laptop> <8cb6106e0611031550y1381b67agdc74144b89de763b@mail.gmail.com> <20061104062439.GD854@turion.vk2pj.dyndns.org> <8cb6106e0611061517k62c9193fnbbfc8e36db328282@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Josh Carroll wrote:
> I included a limitation on the maximum length of a proto (mostly to
> avoid buffer overflows) and 20 is probably way too large, so I can
> lower that if need be.
I'm not sure buffer overflows are prevented:
static int
parse_protos(const char *protospec)
{
...
char curr_proto[MAX_PROTO_LEN];
while(...) {
...
if(pindex == MAX_PROTO_LEN) {
printf("Warning: truncating protocol\n");
curr_proto[pindex] = '\0';
...
}
}
...
}
The code above writes past the end of the array when the 'if' condition
is true. You probably meant if(pindex == MAX_PROTO_LEN-1).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44b564930611070936n1e5d791em207ef6ae7b704b93>