Project

General

Profile

Actions
Copy link

Submit #1753

closed

ipfw buffer overflow with lots of input lines (via FreeBSD commit 206494)

Added by vsrinivas almost 14 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Userland
Target version:
4.2
Start date:
Due date:
% Done:

0%

Estimated time:

Description

FreeBSD commit notes:

"fix a buffer overflow with large (100k+) number of input lines."

--- /usr/src/sbin/ipfw/ipfw2.c 2010-02-23 09:32:26 0800
++ ipfw2.c 2010-04-29 23:36:44 -0700
@ -3494,7 +3494,7 @
#define WHITESP " \t\f\v\n\r"
char buf[BUFSIZ];
char *a, *p, *args[MAX_ARGS], *cmd = NULL;
 char linename10;
char linename20;
int i=0, lineno=0, qflag=0, pflag=0, status;
FILE *f = NULL;
pid_t preproc = 0;
@ -3586,7 +3586,7 @

while (fgets(buf, BUFSIZ, f)) {
         lineno++;
-        sprintf(linename, "Line %d", lineno);
+        snprintf(linename, sizeof(linename), "Line %d", lineno);
         args[0] = linename;
if (*buf == '#')
Actions
Copy link
 #1

Updated by tuxillo over 9 years ago

  • Description updated (diff)
  • Category set to Userland
  • Status changed from New to In Progress
  • Assignee deleted (0)
  • Target version set to 4.2

Hi,

Still relevant, moving to Submit.

Cheers,
Antonio Huete

Actions
Copy link
 #2

Updated by tuxillo over 9 years ago

  • Tracker changed from Bug to Submit
Actions
Copy link
 #3

Updated by dillon over 9 years ago

  • Status changed from In Progress to Closed

committed - c36b81f71fac8e0c9ed26a72b2fa29fcf3ac9d4b

-Matt

Actions
Copy link

Also available in: Atom PDF