Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 10 Dec 2010 08:10:09 +0100
From:      Luigi Rizzo <rizzo@iet.unipi.it>
To:        "Andrey V. Elsukov" <ae@FreeBSD.org>
Cc:        svn-src-stable@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org, svn-src-stable-8@FreeBSD.org
Subject:   Re: svn commit: r216346 - stable/8/sbin/ipfw
Message-ID:  <20101210071009.GA59553@onelab2.iet.unipi.it>
In-Reply-To: <201012100515.oBA5FlLa062151@svn.freebsd.org>
References:  <201012100515.oBA5FlLa062151@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
thank you for doing these three MFC

cheers
luigi

On Fri, Dec 10, 2010 at 05:15:47AM +0000, Andrey V. Elsukov wrote:
> Author: ae
> Date: Fri Dec 10 05:15:47 2010
> New Revision: 216346
> URL: http://svn.freebsd.org/changeset/base/216346
> 
> Log:
>   MFC r206494 by luigi:
>     fix a buffer overflow with large (100k+) number of input lines.
>   
>   Approved by:	re (bz)
> 
> Modified:
>   stable/8/sbin/ipfw/main.c
> Directory Properties:
>   stable/8/sbin/ipfw/   (props changed)
> 
> Modified: stable/8/sbin/ipfw/main.c
> ==============================================================================
> --- stable/8/sbin/ipfw/main.c	Fri Dec 10 00:53:16 2010	(r216345)
> +++ stable/8/sbin/ipfw/main.c	Fri Dec 10 05:15:47 2010	(r216346)
> @@ -553,11 +553,11 @@ ipfw_readfile(int ac, char *av[])
>  	}
>  
>  	while (fgets(buf, BUFSIZ, f)) {		/* read commands */
> -		char linename[10];
> +		char linename[20];
>  		char *args[2];
>  
>  		lineno++;
> -		sprintf(linename, "Line %d", lineno);
> +		snprintf(linename, sizeof(linename), "Line %d", lineno);
>  		setprogname(linename); /* XXX */
>  		args[0] = progname;
>  		args[1] = buf;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101210071009.GA59553>