Date: Thu, 20 Sep 2012 17:38:38 GMT From: Jeremy Huddleston Sequoia <jeremyhu@apple.com> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/171815: run_file in atrun does not allocate enough space for fmt Message-ID: <201209201738.q8KHccbI029449@red.freebsd.org> Resent-Message-ID: <201209201740.q8KHe3O0049790@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 171815
>Category: bin
>Synopsis: run_file in atrun does not allocate enough space for fmt
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 20 17:40:03 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Jeremy Huddleston Sequoia
>Release: HEAD
>Organization:
Apple Inc
>Environment:
OS X
>Description:
src/libexec/atrun/atrun.c does the following:
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
..
char mailbuf[MAXLOGNAME], fmt[49];
..
snprintf(fmt, sizeof(fmt),
"#!/bin/sh\n# atrun uid=%%ld gid=%%ld\n# mail %%%ds %%d",
MAXLOGNAME - 1);
..
The problem is that the string being written is can be more than 48 characters long. Indeed if MAXLOGNAME is 255, we need 50 bytes to hold the string.
This results in atrun erring out on systems where MAXLOGNAME > 100.
>How-To-Repeat:
>Fix:
Index: atrun.c
===================================================================
--- atrun.c (revision 3476)
+++ atrun.c (working copy)
@@ -123,7 +123,7 @@
pid_t pid;
int fd_out, fd_in;
int queue;
- char mailbuf[MAXLOGNAME], fmt[49];
+ char mailbuf[MAXLOGNAME], fmt[64];
char *mailname = NULL;
FILE *stream;
int send_mail = 0;
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209201738.q8KHccbI029449>