Date: Wed, 11 Feb 2004 18:41:25 -0000 From: =?iso-8859-1?Q?Christer_=D6berg?= <christer.oberg@texonet.com> To: <bugbusters@FreeBSD.org> Subject: Overflows in libatm Message-ID: <000901c2d248$8a6ca750$54f2f7d4@dim2ygqpjbo6c7>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0005_01C2D205.7B750050
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
There are some overflows in libatm, hopefully the attached diffs takes =
care of the problem.=20
Oh and keep up the good work, I love FreeBSD :)
Best regards,
Christer
------=_NextPart_000_0005_01C2D205.7B750050
Content-Type: application/octet-stream;
name="ioctl_subr.c.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="ioctl_subr.c.diff"
--- /usr/src/lib/libatm/ioctl_subr.c Tue Jul 29 13:35:03 2003=0A=
+++ ioctl_subr.c Tue Feb 11 17:11:19 2003=0A=
@@ -161,7 +161,7 @@=0A=
air.air_opcode =3D AIOCS_INF_VCC;=0A=
bzero(air.air_vcc_intf, sizeof(air.air_vcc_intf));=0A=
if (intf !=3D NULL && strlen(intf) !=3D 0)=0A=
- strcpy(air.air_vcc_intf, intf);=0A=
+ strncpy(air.air_vcc_intf, intf, IFNAMSIZ-1);=0A=
=0A=
buf_len =3D do_info_ioctl(&air, buf_len);=0A=
=0A=
@@ -375,7 +375,7 @@=0A=
air.air_opcode =3D AIOCS_INF_CFG;=0A=
bzero ( air.air_cfg_intf, sizeof(air.air_cfg_intf));=0A=
if ( intf !=3D NULL && strlen(intf) !=3D 0 )=0A=
- strcpy ( air.air_cfg_intf, intf );=0A=
+ strncpy ( air.air_cfg_intf, intf, IFNAMSIZ-1);=0A=
=0A=
buf_len =3D do_info_ioctl ( &air, buf_len );=0A=
=0A=
@@ -411,7 +411,7 @@=0A=
air.air_opcode =3D AIOCS_INF_INT;=0A=
bzero ( air.air_int_intf, sizeof(air.air_int_intf));=0A=
if ( intf !=3D NULL && strlen(intf) !=3D 0 )=0A=
- strcpy ( air.air_int_intf, intf );=0A=
+ strncpy ( air.air_int_intf, intf, IFNAMSIZ-1);=0A=
=0A=
buf_len =3D do_info_ioctl ( &air, buf_len );=0A=
=0A=
@@ -448,7 +448,7 @@=0A=
air.air_opcode =3D AIOCS_INF_NIF;=0A=
bzero ( air.air_int_intf, sizeof(air.air_int_intf) );=0A=
if ( intf !=3D NULL && strlen(intf) !=3D 0 )=0A=
- strcpy ( air.air_int_intf, intf );=0A=
+ strncpy ( air.air_int_intf, intf, IFNAMSIZ-1);=0A=
=0A=
buf_len =3D do_info_ioctl ( &air, buf_len );=0A=
=0A=
------=_NextPart_000_0005_01C2D205.7B750050
Content-Type: application/octet-stream;
name="ip_addr.c.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="ip_addr.c.diff"
--- /usr/src/lib/libatm/ip_addr.c Tue Jul 29 13:51:53 2003=0A=
+++ ip_addr.c Tue Feb 11 12:27:11 2003=0A=
@@ -35,6 +35,7 @@=0A=
*=0A=
*/=0A=
=0A=
+#include <stdio.h>=0A=
#include <sys/types.h>=0A=
#include <sys/param.h>=0A=
#include <sys/socket.h>=0A=
@@ -118,7 +119,7 @@=0A=
const char *=0A=
format_ip_addr(const struct in_addr *addr)=0A=
{=0A=
- static char host_name[128];=0A=
+ static char host_name[MAXHOSTNAMELEN+18];=0A=
char *ip_num;=0A=
struct hostent *ip_host;=0A=
=0A=
@@ -148,10 +149,8 @@=0A=
/*=0A=
* Return host name followed by dotted decimal address=0A=
*/=0A=
- strcpy(host_name, ip_host->h_name);=0A=
- strcat(host_name, " (");=0A=
- strcat(host_name, ip_num);=0A=
- strcat(host_name, ")");=0A=
+ snprintf(host_name, sizeof(host_name), "%s (%s)", =0A=
+ ip_host->h_name, ip_num);=0A=
return(host_name);=0A=
} else {=0A=
/*=0A=
------=_NextPart_000_0005_01C2D205.7B750050--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000901c2d248$8a6ca750$54f2f7d4>