Submit #1753
Updated by tuxillo almost 10 years ago
FreeBSD commit notes: "fix a buffer overflow with large (100k+) number of input lines." --- /usr/src/sbin/ipfw/ipfw2.c 2010-02-23 09:32:26 -0800 +++ ipfw2.c 2010-04-29 23:36:44 -0700 @@ -3494,7 +3494,7 @@ #define WHITESP " \t\f\v\n\r" char buf[BUFSIZ]; char *a, *p, *args[MAX_ARGS], *cmd = NULL; - char linename[10]; + char linename[20]; int i=0, lineno=0, qflag=0, pflag=0, status; FILE *f = NULL; pid_t preproc = 0; @@ -3586,7 +3586,7 @@ while (fgets(buf, BUFSIZ, f)) { lineno++; - sprintf(linename, "Line %d", lineno); + snprintf(linename, sizeof(linename), "Line %d", lineno); args[0] = linename; if (*buf == '#')