Package: ttylog
Version: 0.1.c-1
Severity: normal

*** Please type your report below this line ***

  The script uses strcpy to copy the specified device
 name into a fixed buffer.

  This program isn't a security-sensitive one so the
 issue is minor, but the bug should be fixed:

 s...@gold:$  /usr/sbin/ttylog  -d `perl -e 'print "X"x3000'`
 Segmentation fault

  Patch included to turn this into:

 (139) s...@gold:/tmp/foo/ttylog-0.1.c$ ./ttylog  -d `perl -e 'print "X"x3000'`
 ./ttylog: invalid device
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX



--- ttylog.c.orig       2009-11-02 11:09:39.000000000 +0000
+++ ttylog.c    2009-11-02 11:10:25.000000000 +0000
@@ -79,7 +79,9 @@
        {
          if (argv[i + 1] != NULL)
            {
-             strcpy (modem_device, argv[i + 1]);
+          memset( modem_device, '\0', sizeof(modem_device));
+             strncpy (modem_device, argv[i + 1],sizeof(modem_device)-1);
+
            }
          else
            {
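
Review bot: on the two added lines, an over-long argv[i + 1] is now silently truncated to sizeof(modem_device)-1 bytes and the program carries on with a device name the user did not type; I would compare strlen(argv[i + 1]) against sizeof(modem_device) first and exit with an explicit "device name too long" error instead. sizeof(modem_device) is only the buffer length if modem_device is declared as an array in this scope, and the declaration is outside the hunk, so that is worth confirming. Minor: the memset line is indented differently from the strncpy line, the strncpy call is missing a space after the second comma, and the trailing blank + line can be dropped.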


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ttylog depends on:
ii  libc6                         2.10.1-4   GNU C Library: Shared libraries

ttylog recommends no packages.

ttylog suggests no packages.

-- no debconf information
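
The difference between the truncating copy used in the patch above and a copy that rejects over-long device names, as an added example that is not part of the original report or of ttylog. The buffer size `DEVICE_MAX`, both function names and the sample device names are assumptions, since the declaration of `modem_device` is not shown in the report.

```c
#include <stdio.h>
#include <string.h>

/* Assumed, deliberately small size; the real size of modem_device is not on the page. */
#define DEVICE_MAX 11

/* The patch's approach: zero the buffer, then copy at most dstsize-1 bytes.
 * The result is always NUL-terminated, but over-long input is cut silently.
 * Returns 1 if the name was truncated, 0 if it fitted. */
int copy_truncating(char *dst, size_t dstsize, const char *src)
{
    memset(dst, '\0', dstsize);
    strncpy(dst, src, dstsize - 1);
    return strlen(src) >= dstsize;
}

/* Alternative: refuse a name that does not fit, so the caller can report
 * an error instead of opening a device the user never asked for.
 * Returns 0 on success, -1 if src is NULL or too long for dst. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    len = strlen(src);
    if (len >= dstsize)
        return -1;
    memcpy(dst, src, len + 1);  /* len + 1 copies the terminating NUL too */
    return 0;
}

int main(void)
{
    char dev[DEVICE_MAX];
    const char *arg = "/dev/ttyS10";  /* constructed sample input, 11 characters */

    /* Truncation turns the requested name into a different, plausible one. */
    copy_truncating(dev, sizeof dev, arg);
    printf("truncating copy gives: %s\n", dev);

    if (copy_checked(dev, sizeof dev, arg) != 0)
        fprintf(stderr, "device name too long (max %d characters)\n", DEVICE_MAX - 1);
    return 0;
}
```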


