This is a multi-part message in MIME format.
--------------000503090306030504060001
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
There are some overflows in libatm, see attached diffs.
--------------000503090306030504060001
Content-Type: text/plain; name="ioctl_subr.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ioctl_subr.diff"
--- lib/libatm/ioctl_subr.c 2004-09-23 22:46:46.000000000 +0200
+++ lib/libatm/ioctl_subr.new 2004-09-23 22:42:25.000000000 +0200
@@ -164,7 +164,7 @@
 air.air_opcode = AIOCS_INF_VCC;
 UM_ZERO(air.air_vcc_intf, sizeof(air.air_vcc_intf));
 if (intf != NULL && strlen(intf) != 0)
- strcpy(air.air_vcc_intf, intf);
+ strlcpy(air.air_vcc_intf, intf, IFNAMSIZ);
 buf_len = do_info_ioctl(&air, buf_len);
@@ -384,7 +384,7 @@
 air.air_opcode = AIOCS_INF_CFG;
 UM_ZERO ( air.air_cfg_intf, sizeof(air.air_cfg_intf));
 if ( intf != NULL && strlen(intf) != 0 )
- strcpy ( air.air_cfg_intf, intf );
+ strlcpy ( air.air_cfg_intf, intf, IFNAMSIZ );
 buf_len = do_info_ioctl ( &air, buf_len );
@@ -422,7 +422,7 @@
 air.air_opcode = AIOCS_INF_INT;
 UM_ZERO ( air.air_int_intf, sizeof(air.air_int_intf));
 if ( intf != NULL && strlen(intf) != 0 )
- strcpy ( air.air_int_intf, intf );
+ strlcpy ( air.air_int_intf, intf, IFNAMSIZ );
 buf_len = do_info_ioctl ( &air, buf_len );
@@ -461,7 +461,7 @@
 air.air_opcode = AIOCS_INF_NIF;
 UM_ZERO ( air.air_int_intf, sizeof(air.air_int_intf) );
 if ( intf != NULL && strlen(intf) != 0 )
- strcpy ( air.air_int_intf, intf );
+ strlcpy ( air.air_int_intf, intf, IFNAMSIZ );
 buf_len = do_info_ioctl ( &air, buf_len );
--------------000503090306030504060001
Content-Type: text/plain; name="ip_addr.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ip_addr.diff"
--- lib/libatm/ip_addr.c 2004-09-23 22:46:40.000000000 +0200
+++ lib/libatm/ip_addr.new 2004-09-23 22:42:50.000000000 +0200
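Review bot: In lib/libatm/ioctl_subr.c the new `strlcpy(air.air_vcc_intf, intf, IFNAMSIZ);` bounds the copy with a constant, while the `UM_ZERO` line directly above it sizes the same field with `sizeof(air.air_vcc_intf)`. Writing `strlcpy(air.air_vcc_intf, intf, sizeof(air.air_vcc_intf));` keeps the bound tied to the destination even if the field's declaration, which is not visible here, differs from IFNAMSIZ. The return value is also discarded, so an over-long interface name is silently truncated and the ioctl would then be issued for whatever the truncated name matches; comparing the result against the destination size and failing the call would make that visible. The same applies to the hunks at 384, 422 and 461 (`air_cfg_intf` and `air_int_intf`). The enclosing functions start and end outside each hunk, so the appropriate error return cannot be read from here.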
@@ -122,7 +122,7 @@
 format_ip_addr(addr)
 struct in_addr *addr;
 {
- static char host_name[128];
+ static char host_name[MAXHOSTNAMELEN + 18];
 char *ip_num;
 struct hostent *ip_host;
@@ -152,11 +152,9 @@
 /*
 * Return host name followed by dotted decimal address
 */
- strcpy(host_name, ip_host->h_name);
- strcat(host_name, " (");
- strcat(host_name, ip_num);
- strcat(host_name, ")");
- return(host_name);
+ snprintf(host_name, sizeof(host_name), "%s (%s)",
+ ip_host->h_name, ip_num);
+ return (host_name);
 } else {
 /*
 * No host name -- just return dotted decimal address
--------------000503090306030504060001--
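Review bot: In lib/libatm/ip_addr.c the `18` in `static char host_name[MAXHOSTNAMELEN + 18];` is unexplained. It appears to cover the `" ("` separator, a 15-character dotted-decimal address and the closing `")"`, and a comment such as `/* host name + " (" + "255.255.255.255" + ")" */` would let the next reader check the arithmetic. `ip_host->h_name` is presumably resolver-supplied and not guaranteed to fit within MAXHOSTNAMELEN, so the `snprintf` in the second hunk can still truncate; that is memory-safe, but the returned string may then lack the address or the closing parenthesis. Both hunks sit inside format_ip_addr, whose body continues outside them.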