Date: Tue, 7 Nov 2006 12:36:36 -0500
From: "Michael M. Press" <deathjestr@gmail.com>
To: "Josh Carroll" <josh.carroll@psualum.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: sockstat tcp/udp switches
Message-ID: <44b564930611070936n1e5d791em207ef6ae7b704b93@mail.gmail.com>
In-Reply-To: <8cb6106e0611061517k62c9193fnbbfc8e36db328282@mail.gmail.com>
References: <8cb6106e0610311058s7144d38bp2b1dafd114e2b433@mail.gmail.com>
 <8cb6106e0611021507n6315b629kad8cbbf901343c2@mail.gmail.com>
 <20061103021803.GC8508@kobe.laptop>
 <8cb6106e0611021834h17737556y4bb2fda39a4bfa0c@mail.gmail.com>
 <20061103024621.GB16445@kobe.laptop>
 <20061103024837.GB79357@lor.one-eyed-alien.net>
 <20061103025442.GB16543@kobe.laptop>
 <8cb6106e0611031550y1381b67agdc74144b89de763b@mail.gmail.com>
 <20061104062439.GD854@turion.vk2pj.dyndns.org>
 <8cb6106e0611061517k62c9193fnbbfc8e36db328282@mail.gmail.com>

Josh Carroll wrote:
> I included a limitation on the maximum length of a proto (mostly to
> avoid buffer overflows) and 20 is probably way too large, so I can
> lower that if need be.

I'm not sure buffer overflows are prevented:

    static int parse_protos(const char *protospec)
    {
        ...
        char curr_proto[MAX_PROTO_LEN];
        while(...) {
            ...
            if(pindex == MAX_PROTO_LEN) {
                printf("Warning: truncating protocol\n");
                curr_proto[pindex] = '\0';
                ...
            }
        }
        ...
    }

The code above writes past the end of the array when the 'if' condition
is true. You probably meant if(pindex == MAX_PROTO_LEN-1).
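
The bound discussed in the message above, as an added example that is not code from the patch or from either poster: a tokenizer that caps the write index at MAX_PROTO_LEN - 1 so the terminating NUL always fits. The comma-separated input format, MAX_PROTOS and the name split_protos are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PROTO_LEN 20	/* buffer size mentioned in the thread */
#define MAX_PROTOS 8		/* assumption for this example */

/*
 * Split a comma-separated protocol list (assumed format) into out[].
 * A name keeps at most MAX_PROTO_LEN - 1 characters, so the NUL is
 * written at index <= MAX_PROTO_LEN - 1, the last valid slot.
 * Returns the number of names stored; *truncated counts the names
 * that had to be shortened.
 */
int
split_protos(const char *spec, char out[][MAX_PROTO_LEN], int max,
    int *truncated)
{
	size_t pindex = 0;
	int n = 0, over = 0;

	*truncated = 0;
	for (const char *p = spec; n < max; p++) {
		if (*p == ',' || *p == '\0') {
			if (pindex > 0) {	/* skip empty names */
				out[n++][pindex] = '\0';
				*truncated += over;
			}
			pindex = 0;
			over = 0;
			if (*p == '\0')
				break;
		} else if (pindex < MAX_PROTO_LEN - 1) {
			out[n][pindex++] = *p;
		} else {
			over = 1;	/* drop the excess, remember it */
		}
	}
	return (n);
}

int
main(void)
{
	char protos[MAX_PROTOS][MAX_PROTO_LEN];
	int trunc, n;

	/* constructed input: the last name is 25 characters long */
	n = split_protos("tcp,udp,aaaaaaaaaaaaaaaaaaaaaaaaa", protos,
	    MAX_PROTOS, &trunc);
	for (int i = 0; i < n; i++)
		printf("%s (%zu)\n", protos[i], strlen(protos[i]));
	printf("truncated: %d\n", trunc);
	return (0);
}
```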