Project

General

Profile

Submit #1753

Updated by tuxillo about 9 years ago

FreeBSD commit notes: 

 

 "fix a buffer overflow with large (100k+) number of input lines." 

 

 --- /usr/src/sbin/ipfw/ipfw2.c 	 2010-02-23 09:32:26 -0800 
 
 +++ ipfw2.c 	 2010-04-29 23:36:44 -0700 
 
 @@ -3494,7 +3494,7 @@ 
  
  #define WHITESP 		 " \t\f\v\n\r" 
 	 
 	 char 	 buf[BUFSIZ]; 
 	 
 	 char 	 *a, *p, *args[MAX_ARGS], *cmd = NULL; 
 
 - 	 char 	 linename[10]; 
 
 + 	 char 	 linename[20]; 
 	 
 	 int 	 i=0, lineno=0, qflag=0, pflag=0, status; 
 	 
 	 FILE 	 *f = NULL; 
 	 
 	 pid_t 	 preproc = 0; 
 
 @@ -3586,7 +3586,7 @@ 
 
 	 
 
 	 while (fgets(buf, BUFSIZ, f)) { 
 		 
 		 lineno++; 
 
 - 		 sprintf(linename, "Line %d", lineno); 
 
 + 		 snprintf(linename, sizeof(linename), "Line %d", lineno); 
 		 
 		 args[0] = linename; 
 
 		 
 
 		 if (*buf == '#')

Back