Date: Wed, 11 Feb 2004 18:41:25 -0000 From: =?iso-8859-1?Q?Christer_=D6berg?= <christer.oberg@texonet.com> To: <bugbusters@FreeBSD.org> Subject: Overflows in libatm Message-ID: <000901c2d248$8a6ca750$54f2f7d4@dim2ygqpjbo6c7>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C2D205.7B750050 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable There are some overflows in libatm, hopefully the attached diffs takes = care of the problem.=20 Oh and keep up the good work, I love FreeBSD :) Best regards, Christer ------=_NextPart_000_0005_01C2D205.7B750050 Content-Type: application/octet-stream; name="ioctl_subr.c.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="ioctl_subr.c.diff" --- /usr/src/lib/libatm/ioctl_subr.c Tue Jul 29 13:35:03 2003=0A= +++ ioctl_subr.c Tue Feb 11 17:11:19 2003=0A= @@ -161,7 +161,7 @@=0A= air.air_opcode =3D AIOCS_INF_VCC;=0A= bzero(air.air_vcc_intf, sizeof(air.air_vcc_intf));=0A= if (intf !=3D NULL && strlen(intf) !=3D 0)=0A= - strcpy(air.air_vcc_intf, intf);=0A= + strncpy(air.air_vcc_intf, intf, IFNAMSIZ-1);=0A= =0A= buf_len =3D do_info_ioctl(&air, buf_len);=0A= =0A= @@ -375,7 +375,7 @@=0A= air.air_opcode =3D AIOCS_INF_CFG;=0A= bzero ( air.air_cfg_intf, sizeof(air.air_cfg_intf));=0A= if ( intf !=3D NULL && strlen(intf) !=3D 0 )=0A= - strcpy ( air.air_cfg_intf, intf );=0A= + strncpy ( air.air_cfg_intf, intf, IFNAMSIZ-1);=0A= =0A= buf_len =3D do_info_ioctl ( &air, buf_len );=0A= =0A= @@ -411,7 +411,7 @@=0A= air.air_opcode =3D AIOCS_INF_INT;=0A= bzero ( air.air_int_intf, sizeof(air.air_int_intf));=0A= if ( intf !=3D NULL && strlen(intf) !=3D 0 )=0A= - strcpy ( air.air_int_intf, intf );=0A= + strncpy ( air.air_int_intf, intf, IFNAMSIZ-1);=0A= =0A= buf_len =3D do_info_ioctl ( &air, buf_len );=0A= =0A= @@ -448,7 +448,7 @@=0A= air.air_opcode =3D AIOCS_INF_NIF;=0A= bzero ( air.air_int_intf, sizeof(air.air_int_intf) );=0A= if ( intf !=3D NULL && strlen(intf) !=3D 0 )=0A= - strcpy ( air.air_int_intf, intf );=0A= + strncpy ( air.air_int_intf, intf, IFNAMSIZ-1);=0A= =0A= buf_len =3D do_info_ioctl ( &air, buf_len );=0A= =0A= ------=_NextPart_000_0005_01C2D205.7B750050 Content-Type: application/octet-stream; name="ip_addr.c.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="ip_addr.c.diff" --- /usr/src/lib/libatm/ip_addr.c Tue Jul 29 13:51:53 2003=0A= +++ ip_addr.c Tue Feb 11 12:27:11 2003=0A= @@ -35,6 +35,7 @@=0A= *=0A= */=0A= =0A= +#include <stdio.h>=0A= #include <sys/types.h>=0A= #include <sys/param.h>=0A= #include <sys/socket.h>=0A= @@ -118,7 +119,7 @@=0A= const char *=0A= format_ip_addr(const struct in_addr *addr)=0A= {=0A= - static char host_name[128];=0A= + static char host_name[MAXHOSTNAMELEN+18];=0A= char *ip_num;=0A= struct hostent *ip_host;=0A= =0A= @@ -148,10 +149,8 @@=0A= /*=0A= * Return host name followed by dotted decimal address=0A= */=0A= - strcpy(host_name, ip_host->h_name);=0A= - strcat(host_name, " (");=0A= - strcat(host_name, ip_num);=0A= - strcat(host_name, ")");=0A= + snprintf(host_name, sizeof(host_name), "%s (%s)", =0A= + ip_host->h_name, ip_num);=0A= return(host_name);=0A= } else {=0A= /*=0A= ------=_NextPart_000_0005_01C2D205.7B750050--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000901c2d248$8a6ca750$54f2f7d4>