Issue #3012 has been updated by dillon. Status changed from New to Closed
Fix some minor issues. The overflows in cdcontrol.c and ppp/link.c do not appear to be exploitable (and the programs are hardly ever used by anyone). Fix committed by Matt ---------------------------------------- Bug #3012: sys/net/libalias, usr.sbin/cdcontrol and usr.sbin/ppp http://bugs.dragonflybsd.org/issues/3012#change-13125 * Author: dcb * Status: Closed * Priority: Normal * Assignee: * Category: * Target version: ---------------------------------------- 1. dragonfly/sys/net/libalias/alias_irc.c:98] -> [dragonfly/sys/net/libalias/alias_irc.c:98]: (style) Same expression on both sides of '||'. Source code is if (ah->dport == NULL || ah->dport == NULL || ah->lnk == NULL || ah->maxpktsize == 0) Possible missing mention of sport ? 2. usr.sbin/cdcontrol/cdcontrol.c:1176: (error) Array 'buf[80]' accessed at index 80, which is out of bounds. buf[len] = 0; Maybe better code buf[len - 1] = 0; 3. usr.sbin/ppp/link.c:199]: (error) Array 'l.proto_in[13]' accessed at index 13, which is out of bounds. Source code is for (i = 0; i < NPROTOSTAT; i++) if (ProtocolStat[i].number == proto) break; if (type == PROTO_IN) l->proto_in[i]++; There doesn't seem to be any code here to deal with the case that i is out of range, because we don't find what we are looking for. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
