On 4/13/06, Hiroshi SAKURAI <[EMAIL PROTECTED]> wrote:
> Hi,
>
> wcsncpy on NetBSD 3.0 has a buffer overflow bug by writing extra '\0'.
> http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/string/wcsncpy.c?rev=1.2&content-type=text/x-cvsweb-markup
> This bug has been fixed on NetBSD-current, but not backported to 3.0.
Thanks for the update. You seem to keep track of NetBSD security pretty closely.
I changed the code to use wcslcpy instead of wcsncpy, so this should
not be an issue in the next fish version. Both functions work equaly
well in the relevant places, and it was only four or five calls
anyway.
I also updated the code so that if the OS already has wcslcpy and
wcslcat, the OS supplied versions will be used. Should make the
binaries a tiny bit smaller.
>
> NetBSD users should change fallback.c as following to prevent the bug
> for the meantime.
>
>
> Index: fallback.c
> ===================================================================
> --- fallback.c (revision 785)
> +++ fallback.c (revision 786)
> @@ -818,7 +818,7 @@
> {
> return 0;
> }
> - wcsncpy( res, in, c+1 );
> + wcsncpy( res, in, c );
> res[c] = L'\0';
> return res;
> }
>
>
> --
> Hiroshi SAKURAI
> http://vimrc.hp.infoseek.co.jp/
>
--
Axel
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid�0944&bid$1720&dat�1642
_______________________________________________
Fish-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fish-users
