Date: Sat, 19 Jul 2008 22:53:46 GMT From: "Pedro F. Giffuni" <pfgshield-freebsd@yahoo.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/125787: print/nenscript prevent buffer overflow Message-ID: <200807192253.m6JMrk89099064@www.freebsd.org> Resent-Message-ID: <200807192300.m6JN06P3074238@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 125787
>Category: ports
>Synopsis: print/nenscript prevent buffer overflow
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Jul 19 23:00:06 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Pedro F. Giffuni
>Release: 6.3-Release
>Organization:
>Environment:
FreeBSD kakumen.cable.net.co 6.3-RELEASE FreeBSD 6.3-RELEASE #10: Sat Jan 19 01:
13:55 COT 2008 root@kakumen.cable.net.co:/usr/src/sys/amd64/compile/SMP amd
64
>Description:
Minimal patch to prevent a buffer overflow. Really minimal, it's not exploitable.
>How-To-Repeat:
Found casually running security/flawfinder
>Fix:
diff -ruN nenscript.orig/files/patch-main.c nenscript/files/patch-main.c
--- nenscript.orig/files/patch-main.c 1969-12-31 19:00:00.000000000 -0500
+++ nenscript/files/patch-main.c 2008-07-19 14:34:43.000000000 -0500
@@ -0,0 +1,11 @@
+--- main.c.orig 2008-07-19 14:32:26.000000000 -0500
++++ main.c 2008-07-19 14:34:12.000000000 -0500
+@@ -601,7 +601,7 @@
+ exit (1);
+ }
+ #else
+- sprintf (cmd, "%s %s", LPR, printername);
++ snprintf (cmd, sizeof(cmd), "%s %s", LPR, printername);
+ if ((outputstream = popen (cmd, "w")) == NULL) {
+ perror (LPR);
+ exit (1);
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807192253.m6JMrk89099064>