Date: Thu, 20 Jul 2000 10:46:59 +0400 (MSD) From: Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/20053: lengthen ALIGNed buffer in telnet/commands.c Message-ID: <200007200646.KAA04040@kapran.bitmcnit.bryansk.su>
next in thread | raw e-mail | index | archive | help
>Number: 20053
>Category: bin
>Synopsis: lengthen ALIGNed buffer in telnet/commands.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 20 00:10:05 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Alex Kapranoff
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
usr.bin/telnet/commands.c,v 1.24
>Description:
While I was cleaning up a warning with ALIGN(buf) assigned to a pointer,
I seem to manage to fix a possible subtle error. On 2904 line we
get an ALIGNed pointer to a char buf[1024] and then use 1024 as
the length of the (already ALIGNed) buffer. ALIGN can shift a
pointer by up to ALIGNBYTES and therefore in order to get a whole of 1024
bytes buffer we need to declare it as char buf[1024 + ALIGNBYTES].
>How-To-Repeat:
>Fix:
--- commands.c.ctm Thu Jul 20 10:18:03 2000
+++ commands.c Thu Jul 20 10:43:41 2000
@@ -2859,7 +2859,7 @@
int *protop;
int *optp;
{
- static char buf[1024]; /*XXX*/
+ static char buf[1024 + ALIGNBYTES]; /*XXX*/
struct cmsghdr *cmsg;
#ifdef sysV88
static IOPTN ipopt;
@@ -2901,7 +2901,7 @@
lsrp = *cpp;
ep = lsrp + *lenp;
} else {
- *cpp = lsrp = ALIGN(buf);
+ *cpp = lsrp = (char *)ALIGN(buf);
ep = lsrp + 1024;
}
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007200646.KAA04040>