Date: Thu, 4 Oct 2001 12:43:07 +0300 From: Peter Pentchev <roam@ringlet.net> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: freebsd-net@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG Subject: Re: [CFR] whois(1) out-of-bound access patch Message-ID: <20011004124307.D1959@ringworld.oblivion.bg> In-Reply-To: <20011004133041.B64960@nagual.pp.ru>; from ache@nagual.pp.ru on Thu, Oct 04, 2001 at 01:30:42PM %2B0400 References: <20011004121640.C1959@ringworld.oblivion.bg> <20011004133041.B64960@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 04, 2001 at 01:28:02PM +0400, Andrey A. Chernov wrote: > On Thu, Oct 04, 2001 at 12:16:40 +0300, Peter Pentchev wrote: > > + if ((len == 0) || !isspace(buf[len - 1])) { > > Must be isspace((unsigned char)....) On Thu, Oct 04, 2001 at 01:30:42PM +0400, Andrey A. Chernov wrote: > On Thu, Oct 04, 2001 at 12:16:40 +0300, Peter Pentchev wrote: > > + abuf = calloc(1, len + 1); > > + if (abuf == NULL) { > > + errno = ENOMEM; > > + err(1, "reallocating"); > > + } > > To overwrite errno set by calloc() is wrong. Oops to both :\ OK, here's an updated patch. G'luck, Peter -- If the meanings of 'true' and 'false' were switched, then this sentence wouldn't be false. Index: src/usr.bin/whois/whois.c =================================================================== RCS file: /home/ncvs/src/usr.bin/whois/whois.c,v retrieving revision 1.24 diff -u -r1.24 whois.c --- src/usr.bin/whois/whois.c 2001/08/05 19:37:12 1.24 +++ src/usr.bin/whois/whois.c 2001/10/04 14:39:24 @@ -251,7 +251,7 @@ { FILE *sfi, *sfo; struct addrinfo *res2; - char *buf, *nhost, *p; + char *abuf, *buf, *nhost, *p; int i, nomatch, s; size_t len; @@ -275,7 +275,15 @@ nhost = NULL; nomatch = 0; while ((buf = fgetln(sfi, &len)) != NULL) { - while (len && isspace(buf[len - 1])) + abuf = NULL; + if ((len == 0) || !isspace((unsigned char)buf[len - 1])) { + abuf = calloc(1, len + 1); + if (abuf == NULL) + err(1, "reallocating"); + memcpy(abuf, buf, len); + buf = abuf; + } + while (len && isspace((unsigned char)buf[len - 1])) buf[--len] = '\0'; if ((flags & WHOIS_RECURSE) && nhost == NULL) { @@ -304,6 +312,7 @@ nomatch = 1; } printf("%s\n", buf); + free(abuf); } /* Do second lookup as needed. */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011004124307.D1959>