Project

General

Profile

Download (3.16 KB)

Submit #2525 ยป 0001-Fixed-buffer-overflow-in-usr.bin-shlock-shlock.c-and.patch

Gwenio, 03/07/2013 12:58 PM

View differences:

lib/libevtr/evtr.c
static struct evtr_event tdcr;
static char *fmt = "new_td %p %s";
char tidstr[40];
char fmtdata[sizeof(void *) + sizeof(char *)];
void *fmtdata[2];
cpu = evtr_cpu(evtr, ev->cpu);
if (!cpu) {
......
tdcr.cpu = ev->cpu;
tdcr.td = NULL;
snprintf(tidstr, sizeof(tidstr), "%p", ktdn);
((void **)fmtdata)[0] = ktdn;
((char **)fmtdata)[1] = &tidstr[0];
fmtdata[0] = ktdn;
fmtdata[1] = tidstr;
thread_creation_callback(&tdcr, d);
tdn = thread_map_find(&evtr->threads, ktdn);
lib/libfetch/ftp.c
unmappedaddr(struct sockaddr_in6 *sin6)
{
struct sockaddr_in *sin4;
u_int32_t addr;
void *addr;
int port;
if (sin6->sin6_family != AF_INET6 ||
!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
return;
sin4 = (struct sockaddr_in *)sin6;
addr = *(u_int32_t *)(uintptr_t)&sin6->sin6_addr.s6_addr[12];
addr = &sin6->sin6_addr.s6_addr[12];
port = sin6->sin6_port;
memset(sin4, 0, sizeof(struct sockaddr_in));
sin4->sin_addr.s_addr = addr;
sin4->sin_addr.s_addr = *(uint32_t *)addr;
sin4->sin_port = port;
sin4->sin_family = AF_INET;
sin4->sin_len = sizeof(struct sockaddr_in);
libexec/tftpd/tftpd.c
unmappedaddr(struct sockaddr_in6 *sin6)
{
struct sockaddr_in *sin4;
u_int32_t addr;
void *addr;
int port;
if (sin6->sin6_family != AF_INET6 ||
!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
return;
sin4 = (struct sockaddr_in *)sin6;
addr = *(u_int32_t *)&sin6->sin6_addr.s6_addr[12];
addr = &sin6->sin6_addr.s6_addr[12];
port = sin6->sin6_port;
memset(sin4, 0, sizeof(struct sockaddr_in));
sin4->sin_addr.s_addr = addr;
sin4->sin_addr.s_addr = *(uint32_t *)addr;
sin4->sin_port = port;
sin4->sin_family = AF_INET;
sin4->sin_len = sizeof(struct sockaddr_in);
usr.bin/shlock/shlock.c
return(1);
}
buf[BUFSIZE] = '\0';
buf[BUFSIZE - 1] = '\0';
errno = 0;
tmp_pid = strtol(buf, &endptr, 10);
if ((*endptr != '\0' && *endptr != '\n') || errno ||
    (1-1/1)