Josh Carroll wrote:
I included a limitation on the maximum length of a proto (mostly to
avoid buffer overflows) and 20 is probably way too large, so I can
lower that if need be.
I'm not sure buffer overflows are prevented:
static int
parse_protos(const char *protospec)
{
...
char curr_proto[MAX_PROTO_LEN];
while(...) {
...
if(pindex == MAX_PROTO_LEN) {
printf("Warning: truncating protocol\n");
curr_proto[pindex] = '\0';
...
}
}
...
}
The code above writes past the end of the array when the 'if' condition
is true. You probably meant if(pindex == MAX_PROTO_LEN-1).
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
