0001-Fixed-buffer-overflow-in-usr.bin-shlock-shlock.c-and.patch

Gwenio, 03/07/2013 12:58 PM

Download (3.16 KB)

View differences:

lib/libevtr/evtr.c
853 853
	static struct evtr_event tdcr;
854 854
	static char *fmt = "new_td %p %s";
855 855
	char tidstr[40];
856
	char fmtdata[sizeof(void *) + sizeof(char *)];
856
	void *fmtdata[2];
857 857

  
858 858
	cpu = evtr_cpu(evtr, ev->cpu);
859 859
	if (!cpu) {
......
884 884
		tdcr.cpu = ev->cpu;
885 885
		tdcr.td = NULL;
886 886
		snprintf(tidstr, sizeof(tidstr), "%p", ktdn);
887
		((void **)fmtdata)[0] = ktdn;
888
		((char **)fmtdata)[1] = &tidstr[0];
887
		fmtdata[0] = ktdn;
888
		fmtdata[1] = tidstr;
889 889
		thread_creation_callback(&tdcr, d);
890 890

  
891 891
		tdn = thread_map_find(&evtr->threads, ktdn);
lib/libfetch/ftp.c
118 118
unmappedaddr(struct sockaddr_in6 *sin6)
119 119
{
120 120
	struct sockaddr_in *sin4;
121
	u_int32_t addr;
121
	void *addr;
122 122
	int port;
123 123

  
124 124
	if (sin6->sin6_family != AF_INET6 ||
125 125
	    !IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
126 126
		return;
127 127
	sin4 = (struct sockaddr_in *)sin6;
128
	addr = *(u_int32_t *)(uintptr_t)&sin6->sin6_addr.s6_addr[12];
128
	addr = &sin6->sin6_addr.s6_addr[12];
129 129
	port = sin6->sin6_port;
130 130
	memset(sin4, 0, sizeof(struct sockaddr_in));
131
	sin4->sin_addr.s_addr = addr;
131
	sin4->sin_addr.s_addr = *(uint32_t *)addr;
132 132
	sin4->sin_port = port;
133 133
	sin4->sin_family = AF_INET;
134 134
	sin4->sin_len = sizeof(struct sockaddr_in);
libexec/tftpd/tftpd.c
798 798
unmappedaddr(struct sockaddr_in6 *sin6)
799 799
{
800 800
	struct sockaddr_in *sin4;
801
	u_int32_t addr;
801
	void *addr;
802 802
	int port;
803 803

  
804 804
	if (sin6->sin6_family != AF_INET6 ||
805 805
	    !IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
806 806
		return;
807 807
	sin4 = (struct sockaddr_in *)sin6;
808
	addr = *(u_int32_t *)&sin6->sin6_addr.s6_addr[12];
808
	addr = &sin6->sin6_addr.s6_addr[12];
809 809
	port = sin6->sin6_port;
810 810
	memset(sin4, 0, sizeof(struct sockaddr_in));
811
	sin4->sin_addr.s_addr = addr;
811
	sin4->sin_addr.s_addr = *(uint32_t *)addr;
812 812
	sin4->sin_port = port;
813 813
	sin4->sin_family = AF_INET;
814 814
	sin4->sin_len = sizeof(struct sockaddr_in);
usr.bin/shlock/shlock.c
234 234
			return(1);
235 235
		}
236 236

  
237
		buf[BUFSIZE] = '\0';
237
		buf[BUFSIZE - 1] = '\0';
238 238
		errno = 0;
239 239
		tmp_pid = strtol(buf, &endptr, 10);
240 240
		if ((*endptr != '\0' && *endptr != '\n') || errno ||
241
-