Date: Fri, 28 Jan 2000 00:05:11 -0600 (CST) From: Kevin Day <toasty@dragondata.com> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/16415: Buffer overflow in procctl(8) Message-ID: <200001280605.AAA83141@celery.dragondata.com>
next in thread | raw e-mail | index | archive | help
>Number: 16415 >Category: bin >Synopsis: Buffer overflow in procctl(8) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 27 22:10:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: Kevin Day >Release: FreeBSD 3.4-STABLE i386 >Organization: DragonData Internet Services >Environment: Any FreeBSD system >Description: Procctl has a simple buffer overflow. It's not suid, so I wouldn't consider this a security problem. >How-To-Repeat: su-2.03# procctl 22348723894723984728974892748923894729834728934798273489273498274 Segmentation fault (core dumped) >Fix: --- procctl.c Thu Jan 27 23:55:57 2000 +++ procctl.c Thu Jan 27 23:56:57 2000 @@ -63,7 +63,7 @@ for (i = 1; i < ac; i++) { char buf[32]; - sprintf(buf, "/proc/%s/mem", av[i]); + snprintf(buf, sizeof(buf), "/proc/%s/mem", av[i]); fd = open(buf, O_RDWR); if (fd == -1) { if (errno == ENOENT) >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001280605.AAA83141>