Date: Tue, 21 Apr 2009 10:54:47 +0000 (UTC) From: Colin Percival <cperciva@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r191353 - in releng/7.2/contrib/ntp: . ntpq Message-ID: <200904211054.n3LAsl5b080836@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cperciva Date: Tue Apr 21 10:54:47 2009 New Revision: 191353 URL: http://svn.freebsd.org/changeset/base/191353 Log: MFH r191302: Fix a buffer overflow. For reasons of stack alignment, it does not appear that this is exploitable on any systems FreeBSD runs on, so this will not be getting a security advisory. Approved by: re (kib) Modified: releng/7.2/contrib/ntp/ (props changed) releng/7.2/contrib/ntp/ntpq/ntpq.c Modified: releng/7.2/contrib/ntp/ntpq/ntpq.c ============================================================================== --- releng/7.2/contrib/ntp/ntpq/ntpq.c Tue Apr 21 10:51:22 2009 (r191352) +++ releng/7.2/contrib/ntp/ntpq/ntpq.c Tue Apr 21 10:54:47 2009 (r191353) @@ -3185,9 +3185,9 @@ cookedprint( if (!decodeuint(value, &uval)) output_raw = '?'; else { - char b[10]; + char b[12]; - (void) sprintf(b, "%03lo", uval); + (void) snprintf(b, sizeof(b), "%03lo", uval); output(fp, name, b); } break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904211054.n3LAsl5b080836>