Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 11 Feb 2004 18:41:25 -0000
From:      =?iso-8859-1?Q?Christer_=D6berg?= <christer.oberg@texonet.com>
To:        <bugbusters@FreeBSD.org>
Subject:   Overflows in libatm
Message-ID:  <000901c2d248$8a6ca750$54f2f7d4@dim2ygqpjbo6c7>
index | next in thread | raw e-mail 

[-- Attachment #1 --]
There are some overflows in libatm, hopefully the attached diffs takes care of the problem. 

Oh and keep up the good work, I love FreeBSD :)

Best regards,
Christer


[-- Attachment #2 --]
--- /usr/src/lib/libatm/ioctl_subr.c	Tue Jul 29 13:35:03 2003
+++ ioctl_subr.c	Tue Feb 11 17:11:19 2003
@@ -161,7 +161,7 @@
 	air.air_opcode = AIOCS_INF_VCC;
 	bzero(air.air_vcc_intf, sizeof(air.air_vcc_intf));
 	if (intf != NULL && strlen(intf) != 0)
-		strcpy(air.air_vcc_intf, intf);
+		strncpy(air.air_vcc_intf, intf, IFNAMSIZ-1);
 
 	buf_len = do_info_ioctl(&air, buf_len);
 
@@ -375,7 +375,7 @@
         air.air_opcode = AIOCS_INF_CFG;
         bzero ( air.air_cfg_intf, sizeof(air.air_cfg_intf));
         if ( intf != NULL && strlen(intf) != 0 )
-                strcpy ( air.air_cfg_intf, intf );
+                strncpy ( air.air_cfg_intf, intf, IFNAMSIZ-1);
 
         buf_len = do_info_ioctl ( &air, buf_len );
 
@@ -411,7 +411,7 @@
         air.air_opcode = AIOCS_INF_INT;
         bzero ( air.air_int_intf, sizeof(air.air_int_intf));
         if ( intf != NULL && strlen(intf) != 0 )
-                strcpy ( air.air_int_intf, intf );
+                strncpy ( air.air_int_intf, intf, IFNAMSIZ-1);
 
         buf_len = do_info_ioctl ( &air, buf_len );
  
@@ -448,7 +448,7 @@
         air.air_opcode = AIOCS_INF_NIF;
         bzero ( air.air_int_intf, sizeof(air.air_int_intf) );
         if ( intf != NULL && strlen(intf) != 0 )
-                strcpy ( air.air_int_intf, intf );
+                strncpy ( air.air_int_intf, intf, IFNAMSIZ-1);
 
         buf_len = do_info_ioctl ( &air, buf_len );
 

[-- Attachment #3 --]
--- /usr/src/lib/libatm/ip_addr.c	Tue Jul 29 13:51:53 2003
+++ ip_addr.c	Tue Feb 11 12:27:11 2003
@@ -35,6 +35,7 @@
  *
  */
 
+#include <stdio.h>
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -118,7 +119,7 @@
 const char *
 format_ip_addr(const struct in_addr *addr)
 {
-	static char	host_name[128];
+	static char	host_name[MAXHOSTNAMELEN+18];
 	char		*ip_num;
 	struct hostent	*ip_host;
 
@@ -148,10 +149,8 @@
 		/*
 		 * Return host name followed by dotted decimal address
 		 */
-		strcpy(host_name, ip_host->h_name);
-		strcat(host_name, " (");
-		strcat(host_name, ip_num);
-		strcat(host_name, ")");
+		snprintf(host_name, sizeof(host_name), "%s (%s)", 
+			ip_host->h_name, ip_num);
 		return(host_name);
 	} else {
 		/*
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000901c2d248$8a6ca750$54f2f7d4>