Date: Thu, 8 Aug 1996 08:19:40 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-current@FreeBSD.org (FreeBSD-current users) Cc: marxx@doomsday.org (Charles C. Figueiredo) Subject: Re: exploitable security risk Message-ID: <199608080619.IAA16390@uriah.heep.sax.de> In-Reply-To: <Pine.BSF.3.91.960807172333.16215A-100000@apocalypse.superlink.net> from "Charles C. Figueiredo" at "Aug 7, 96 05:39:51 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
As Charles C. Figueiredo wrote: > /usr/src/usr.bin/modstat/modstat.c does a blind strcpy from a char > pointer into a 32 byte buffer. [...] Thansk for pointing this out. However: > 48a49,50 > > #define MNLEN 32 > > > 75,76c77,78 > < if (modname != NULL) > < strcpy(sbuf.name, modname); > --- > > if ( modname != NULL) > > strncpy(sbuf.name, modname, MNLEN); . the name of the constant is MAXLKMNAME (now?) . the string should be '\0'-terminated even in case strncpy() trims it . a context diff would have been more appreciated ;) I'm going to commit a fix based on your suggestion, thanks! -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608080619.IAA16390>