diff options
| author | Ollivier Robert <roberto@FreeBSD.org> | 1997-02-20 22:16:39 +0000 |
|---|---|---|
| committer | Ollivier Robert <roberto@FreeBSD.org> | 1997-02-20 22:16:39 +0000 |
| commit | a14390ccec36f2d3676c5fbd97f2a137a9e543df (patch) | |
| tree | 612a8019390eb9e5f52b3f1c13bea1a8f2ab1e56 | |
| parent | 7e05e70c2cf0defd90252ed9bab9861f9c219e51 (diff) | |
| download | src-a14390ccec36f2d3676c5fbd97f2a137a9e543df.tar.gz src-a14390ccec36f2d3676c5fbd97f2a137a9e543df.zip | |
Security patch from OpenBSD: fixes potential buffer overflow in a static
buffer (so more difficult to exploit but better safe than sorry). Found
by comparing FreeBSD & OpenBSD sources/logs for the auditing process.
Reviewed by: Warner Losh
Obtained from: OpenBSD
Notes
Notes:
svn path=/head/; revision=22953
| -rw-r--r-- | sbin/route/route.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sbin/route/route.c b/sbin/route/route.c index 66cbfae097dc..47923e0b22ee 100644 --- a/sbin/route/route.c +++ b/sbin/route/route.c @@ -1023,7 +1023,7 @@ ns_print(sns) struct ns_addr work; union { union ns_net net_e; u_long long_e; } net; u_short port; - static char mybuf[50], cport[10], chost[25]; + static char mybuf[50+MAXHOSTNAMELEN], cport[10], chost[25]; char *host = ""; register char *p; register u_char *q; @@ -1056,7 +1056,8 @@ ns_print(sns) else *cport = 0; - (void) sprintf(mybuf,"%lxH.%s%s", (unsigned long)ntohl(net.long_e), + (void) snprintf(mybuf, sizeof(mybuf), "%lxH.%s%s", + (unsigned long)ntohl(net.long_e), host, cport); return (mybuf); } |