From owner-freebsd-bugs Tue Oct 22 4:20:12 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6E1A837B406 for ; Tue, 22 Oct 2002 04:20:10 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9BFCD43E3B for ; Tue, 22 Oct 2002 04:20:09 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g9MBK9x3063552 for ; Tue, 22 Oct 2002 04:20:09 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g9MBK9Q5063551; Tue, 22 Oct 2002 04:20:09 -0700 (PDT) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1A6337B404 for ; Tue, 22 Oct 2002 04:15:49 -0700 (PDT) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 618E043E4A for ; Tue, 22 Oct 2002 04:15:49 -0700 (PDT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.12.6/8.12.6) with ESMTP id g9MBFn7R042505 for ; Tue, 22 Oct 2002 04:15:49 -0700 (PDT) (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.12.6/8.12.6/Submit) id g9MBFnxn042504; Tue, 22 Oct 2002 04:15:49 -0700 (PDT) Message-Id: <200210221115.g9MBFnxn042504@www.freebsd.org> Date: Tue, 22 Oct 2002 04:15:49 -0700 (PDT) From: Meadele Mathieu To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: misc/44379: libutil: property.c, properties_read() bad boundary check Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 44379 >Category: misc >Synopsis: libutil: property.c, properties_read() bad boundary check >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Oct 22 04:20:09 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Meadele Mathieu >Release: 4.7-RELEASE >Organization: >Environment: FreeBSD mach3 4.7-STABLE FreeBSD 4.7-STABLE #0: Sat Oct 19 03:14:13 GMT 2002 root@mach3:/usr/obj/usr/src/sys/MACH3 i386 >Description: Hi, There is a bad boundary check in properties_read() when parsing 'name=value'. I patched property.c and added some corrections: - corrected bad boundary check. - ignore characters after space unless value is enclosed with brackets. - ignore characters after terminating bracket. - check for malloc/strdup return value. The attached path applies on /usr/src/lib/libutil/property.c >How-To-Repeat: create a file holding a word longer than PROPERTY_MAX_NAME+1 (65) characters. >Fix: I submited a patch. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message