Issue #1753 has been updated by dillon. Status changed from In Progress to Closed
committed - c36b81f71fac8e0c9ed26a72b2fa29fcf3ac9d4b

-Matt

----------------------------------------
Submit #1753: ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)
http://bugs.dragonflybsd.org/issues/1753#change-12541

* Author: vsrinivas
* Status: Closed
* Priority: Normal
* Assignee:
* Category: Userland
* Target version: 4.2.x
----------------------------------------
FreeBSD commit notes: "fix a buffer overflow with large (100k+) number of input lines."

--- /usr/src/sbin/ipfw/ipfw2.c 2010-02-23 09:32:26 -0800 +++ ipfw2.c 2010-04-29 23:36:44 -0700 @@ -3494,7 +3494,7 @@ #define WHITESP " \t\f\v\n\r" char buf[BUFSIZ]; char *a, *p, *args[MAX_ARGS], *cmd = NULL; - char linename[10]; + char linename[20]; int i=0, lineno=0, qflag=0, pflag=0, status; FILE *f = NULL; pid_t preproc = 0; @@ -3586,7 +3586,7 @@ while (fgets(buf, BUFSIZ, f)) { lineno++; - sprintf(linename, "Line %d", lineno); + snprintf(linename, sizeof(linename), "Line %d", lineno); args[0] = linename; if (*buf == '#')
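Review bot: in the hunk at @@ -3494,7, `char linename[20];` swaps one bare size for another, and nothing ties the number to the "Line %d" format that fills the array. For a 32-bit int the worst case is "Line " (5 bytes), up to 11 characters for the number including a sign, and the terminator, 17 bytes in total, so 20 is sufficient. That reasoning should be recorded in a comment or in a size derived from the format, so that a later change to the label text or to the type of lineno does not bring the overflow back. For reference, the old 10-byte array had room for "Line ", four digits and the NUL.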
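Review bot: the return value of snprintf() in the hunk at @@ -3586,7 is discarded, so if the label ever failed to fit, args[0] would carry a silently truncated "Line ..." string. With the 20-byte array from the first hunk this cannot happen for a 32-bit int, so the check is inexpensive hardening and not a second fix: compare the result against sizeof(linename) and report an error, or cast it to (void) to show the omission is deliberate. Note that sizeof(linename) gives the buffer size only while linename stays an array in this scope. Also, lineno is a signed int incremented once per loop pass, so an unsigned type would avoid signed overflow on extreme input.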