Project

General

Profile

Actions

Bug #3012

closed

sys/net/libalias, usr.sbin/cdcontrol and usr.sbin/ppp

Added by dcb over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
04/04/2017
Due date:
% Done:

0%

Estimated time:

Description

1.

dragonfly/sys/net/libalias/alias_irc.c:98] -> [dragonfly/sys/net/libalias/alias_irc.c:98]: (style) Same expression on both sides of '||'.

Source code is

if (ah->dport  NULL || ah->dport  NULL || ah->lnk  NULL ||
ah->maxpktsize 0)

Possible missing mention of sport ?

2.

usr.sbin/cdcontrol/cdcontrol.c:1176: (error) Array 'buf80' accessed at index 80, which is out of bounds.

buf[len] = 0;

Maybe better code

buf[len - 1] = 0;

3.

usr.sbin/ppp/link.c:199]: (error) Array 'l.proto_in13' accessed at index 13, which is out of bounds.

Source code is

for (i = 0; i < NPROTOSTAT; i++)
if (ProtocolStat[i].number proto)
break;
if (type  PROTO_IN)
l->proto_in[i]++;

There doesn't seem to be any code here to deal with the case that
i is out of range, because we don't find what we are looking for.

Actions #1

Updated by dillon over 7 years ago

  • Status changed from New to Closed

Fix some minor issues. The overflows in cdcontrol.c and ppp/link.c do not appear to be exploitable (and the programs are hardly ever used by anyone).

Fix committed by Matt

Actions

Also available in: Atom PDF