Hi Mark,

I did some more checking, and it looks like there is a possible buffer overflow there (and I found a few others after that was fixed). The good news is, after changing a few snprintf calls to have a more appropriate buffer size, cfagent is now running fine. I'm attaching a patch which makes the changes, although it currently uses a hardcoded '1024', which would be better to change to some constant defined elsewhere. For example, the one I wrote about was line 52 of crypto.c:

    snprintf(AVDB,CF_BUFSIZE,"%s/%s",CFWORKDIR,CF_AVDB_FILE);

AVDB is defined as 'char AVDB[1024]', but CF_BUFSIZE is 4096 (as is CFWORKDIR), so a buffer overflow is possible there. Changing the snprintf call to use 1024 as the buffer size (since that is the size of AVDB) works great:

    snprintf(AVDB,1024,"%s/%s",CFWORKDIR,CF_AVDB_FILE);

There were two others that I found after that was fixed (see the patch). There may be more, but after fixing those I was able to do a clean run of cfagent in my environment.

-Jeff

On 4/6/05 7:42 AM, "Mark Burgess" <[EMAIL PROTECTED]> wrote:
>
> It looks to me as though the problem might be in snprintf. I certainly
> cannot see anything wrong with the code as it stands.
>
> M
>
cfengine-2.1.13-fc4.patch
_______________________________________________ Bug-cfengine mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-cfengine
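The defect Jeff describes is a size argument that belongs to a different buffer: snprintf is told the destination holds CF_BUFSIZE (4096) bytes when AVDB holds 1024, so a long CFWORKDIR writes past the end of AVDB. The following is an added illustration, not code from cfengine or from the patch; the macro values mirror the sizes quoted in the mail, and join_path, bytes_original_call_writes and check_long_workdir are names chosen here. It computes how many bytes the original call would store and shows the hardened form, which passes the real destination size and checks the return value for truncation.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizes mirroring the report: the destination holds 1024 bytes
 * while CF_BUFSIZE is 4096, so passing CF_BUFSIZE as the size lets snprintf
 * write past the end of the smaller buffer. Names are assumptions. */
#define CF_BUFSIZE 4096
#define AVDB_SIZE  1024

/* Hardened join: the size argument is the destination's real size, and the
 * return value is checked so truncation is reported rather than ignored.
 * Returns 0 on success, -1 when the path did not fit (dst is left empty). */
int join_path(char *dst, size_t dstsz, const char *dir, const char *file)
{
    int n = snprintf(dst, dstsz, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';            /* leave nothing half-written */
        return -1;
    }
    return 0;
}

/* Bytes the original call, snprintf(dst, CF_BUFSIZE, ...), would store:
 * the full string plus its NUL, capped at CF_BUFSIZE. Measured with a
 * size-0 call (permitted by C99), so nothing is written anywhere. */
size_t bytes_original_call_writes(const char *dir, const char *file)
{
    int n = snprintf(NULL, 0, "%s/%s", dir, file);
    if (n < 0) return 0;
    return (size_t)n < CF_BUFSIZE ? (size_t)n + 1 : CF_BUFSIZE;
}

/* Constructed worst case: a 4095-character CFWORKDIR-style value. Returns 1
 * when the original size argument would have overrun AVDB and the hardened
 * join refused to write instead. */
int check_long_workdir(void)
{
    static char workdir[CF_BUFSIZE];
    char avdb[AVDB_SIZE];
    memset(workdir, 'w', CF_BUFSIZE - 1);
    workdir[CF_BUFSIZE - 1] = '\0';
    size_t w = bytes_original_call_writes(workdir, "cf_avdb");
    int rc = join_path(avdb, sizeof avdb, workdir, "cf_avdb");
    return w > AVDB_SIZE && rc == -1 && avdb[0] == '\0';
}

int main(void)
{
    puts(check_long_workdir() ? "original size argument overruns AVDB; hardened join refused"
                              : "unexpected result");
    return 0;
}
```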
