From owner-freebsd-bugs Thu Sep 14 4: 0:10 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 6FD6637B423 for ; Thu, 14 Sep 2000 04:00:01 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id EAA27666; Thu, 14 Sep 2000 04:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from postman.lipetsk.ru (postman.lipetsk.ru [195.34.224.68]) by hub.freebsd.org (Postfix) with ESMTP id 0EE9A37B423 for ; Thu, 14 Sep 2000 03:50:27 -0700 (PDT) Received: from pluton.lipetsk.ru ([195.34.224.84]:62725 "EHLO pluton.lipetsk.ru") by relay.lipetsk.ru with ESMTP id ; Thu, 14 Sep 2000 14:50:12 +0400 Received: (from root@localhost) by pluton.lipetsk.ru (8.9.3/8.9.3) id OAA38146; Thu, 14 Sep 2000 14:49:30 +0400 (MSD) (envelope-from dimaker) Message-Id: <200009141049.OAA38146@pluton.lipetsk.ru> Date: Thu, 14 Sep 2000 14:49:30 +0400 (MSD) From: rabbit@lipetsk.ru Reply-To: rabbit@lipetsk.ru To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: gnu/21260: uux patch Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 21260 >Category: gnu >Synopsis: buffer overrun in uux >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Sep 14 04:00:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Alexey Antipov >Release: FreeBSD 4.1-RELEASE i386 >Organization: JSC "Lipetskelektosvyas", Lipetsk, Russia >Environment: System: FreeBSD 4.1-RELEASE i386 >Description: uux has buffer overrun and therefore incorrectly handling nodenames 8-characters length and probably all quad-multiple lengths. >How-To-Repeat: Execute command: echo "test" | uux.orig - -r -gd access!foobar12!rnews and you will see in the uucp spool a file with the incorrectly string : C uucp -C -W -d -g d D.X09IF foobar12(àHáhá!X.plutond09IF If you execute command: echo "test" | uux.orig - -r -gd access!foobar1!rnews and you will see in the uucp spool a file with the right string : C uucp -C -W -d -g d D.X09IF foobar1!X.plutond09IF >Fix: Just apply to uux.c the following patch: --- uux.c.orig Thu Sep 14 14:06:21 2000 +++ uux.c Thu Sep 14 13:49:24 2000 @@ -532,7 +532,7 @@ else { clen = zexclam - zcmd; - zforward = zbufalc (clen); + zforward = zbufalc (clen+4); memcpy (zforward, zcmd, clen); zforward[clen] = '\0'; zcmd = zexclam + 1; -- SY >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message