Issue #1753 has been updated by tuxillo.

Description updated
Category set to Userland
Status changed from New to In Progress
Assignee deleted (0)
Target version set to 4.2.x

Hi,

Still relevant, moving to Submit.

Cheers,
Antonio Huete

----------------------------------------
Bug #1753: ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
http://bugs.dragonflybsd.org/issues/1753#change-12526

* Author: vsrinivas
* Status: In Progress
* Priority: Normal
* Assignee:
* Category: Userland
* Target version: 4.2.x
----------------------------------------
FreeBSD commit notes: "fix a buffer overflow with large (100k+) number of input lines."

--- /usr/src/sbin/ipfw/ipfw2.c 2010-02-23 09:32:26 -0800 +++ ipfw2.c 2010-04-29 23:36:44 -0700 @@ -3494,7 +3494,7 @@ #define WHITESP " \t\f\v\n\r" char buf[BUFSIZ]; char *a, *p, *args[MAX_ARGS], *cmd = NULL; - char linename[10]; + char linename[20]; int i=0, lineno=0, qflag=0, pflag=0, status; FILE *f = NULL; pid_t preproc = 0; @@ -3586,7 +3586,7 @@ while (fgets(buf, BUFSIZ, f)) { lineno++; - sprintf(linename, "Line %d", lineno); + snprintf(linename, sizeof(linename), "Line %d", lineno); args[0] = linename; if (*buf == '#')
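
Review bot: in the first hunk, `char linename[20];` is still a bare magic number with nothing tying it to the `"Line %d"` format that the second hunk writes into it. The old 10 bytes held "Line " plus four digits and the terminator, so the overrun started at line 10000; 20 bytes is enough for any 32-bit `int` (5 + 11 + 1 = 17 bytes worst case). Suggest a one-line comment with that derivation, or a named constant, so that a later change to the format string or to the type of `lineno` prompts a second look at the buffer.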
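
Review bot: in the second hunk, the return value of `snprintf(linename, sizeof(linename), "Line %d", lineno);` is discarded, so if the format ever outgrows the buffer the string assigned to `args[0]` is silently truncated. Bounding by `sizeof(linename)` is correct here because `linename` is an array declared in this scope rather than a pointer. Suggest either comparing the result against `sizeof(linename)` or adding a comment that truncation of the label is acceptable.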
