Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 4 Oct 2001 12:43:07 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc:        freebsd-net@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG
Subject:   Re: [CFR] whois(1) out-of-bound access patch
Message-ID:  <20011004124307.D1959@ringworld.oblivion.bg>
In-Reply-To: <20011004133041.B64960@nagual.pp.ru>; from ache@nagual.pp.ru on Thu, Oct 04, 2001 at 01:30:42PM %2B0400
References:  <20011004121640.C1959@ringworld.oblivion.bg> <20011004133041.B64960@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Thu, Oct 04, 2001 at 01:28:02PM +0400, Andrey A. Chernov wrote:
> On Thu, Oct 04, 2001 at 12:16:40 +0300, Peter Pentchev wrote:
> > +             if ((len == 0) || !isspace(buf[len - 1])) {
>
> Must be isspace((unsigned char)....)
		
On Thu, Oct 04, 2001 at 01:30:42PM +0400, Andrey A. Chernov wrote:
> On Thu, Oct 04, 2001 at 12:16:40 +0300, Peter Pentchev wrote:
> > +			abuf = calloc(1, len + 1);
> > +			if (abuf == NULL) {
> > +				errno = ENOMEM;
> > +				err(1, "reallocating");
> > +			}
> 
> To overwrite errno set by calloc() is wrong.

Oops to both :\

OK, here's an updated patch.

G'luck,
Peter

-- 
If the meanings of 'true' and 'false' were switched, then this sentence wouldn't be false.

Index: src/usr.bin/whois/whois.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/whois/whois.c,v
retrieving revision 1.24
diff -u -r1.24 whois.c
--- src/usr.bin/whois/whois.c	2001/08/05 19:37:12	1.24
+++ src/usr.bin/whois/whois.c	2001/10/04 14:39:24
@@ -251,7 +251,7 @@
 {
 	FILE *sfi, *sfo;
 	struct addrinfo *res2;
-	char *buf, *nhost, *p;
+	char *abuf, *buf, *nhost, *p;
 	int i, nomatch, s;
 	size_t len;
 
@@ -275,7 +275,15 @@
 	nhost = NULL;
 	nomatch = 0;
 	while ((buf = fgetln(sfi, &len)) != NULL) {
-		while (len && isspace(buf[len - 1]))
+		abuf = NULL;
+		if ((len == 0) || !isspace((unsigned char)buf[len - 1])) {
+			abuf = calloc(1, len + 1);
+			if (abuf == NULL)
+				err(1, "reallocating");
+			memcpy(abuf, buf, len);
+			buf = abuf;
+		}
+		while (len && isspace((unsigned char)buf[len - 1]))
 			buf[--len] = '\0';
 
 		if ((flags & WHOIS_RECURSE) && nhost == NULL) {
@@ -304,6 +312,7 @@
 				nomatch = 1;
 		}
 		printf("%s\n", buf);
+		free(abuf);
 	}
 
 	/* Do second lookup as needed. */

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011004124307.D1959>