Bugtraq mailing list archives

scanf overflow


From: davids () secnet com (David Sacerdote)
Date: Mon, 16 Dec 1996 13:21:09 -0700


Here is a patch I wrote for the Vixie Cron 2.1 scanf overflow, and sent to
Paul Vixie in September.  It works because the buffer sscanf is reading
can be no longer than MAX_ENVSTR characters because the crontab file is
read using a modified fgets.  The paranoid can replace %s with %1000s in
the scanf format string as well.
                 David Sacerdote

*** env.c       Sun Dec 15 15:35:04 1996
--- env.c       Sun Dec 15 15:34:54 1996
***************
*** 137,143 ****
  {
        long    filepos;
        int     fileline;
!       char    name[MAX_TMPSTR], val[MAX_ENVSTR];
        int     fields;

        filepos = ftell(f);
--- 137,143 ----
  {
        long    filepos;
        int     fileline;
!       char    name[MAX_ENVSTR], val[MAX_ENVSTR];
        int     fields;

        filepos = ftell(f);
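Review bot: the enlarged `name[MAX_ENVSTR]` in the second half of the hunk (new line 140) is only safe as long as the line reader elsewhere keeps capping input at MAX_ENVSTR, and nothing next to the declaration records that dependency. I would add a comment on the declaration stating it, and put explicit field widths in the sscanf format, as the message suggests with %1000s, so the bound is enforced at the call that writes into `name` and `val`. It is also worth confirming that the reader's limit counts the terminating NUL, since %s stores one byte beyond the characters it matches.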


----
The contents of this message are my personal thoughts, not those of my
employer.
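
The field-width approach mentioned in the message, as an added example that is not part of the original post and is not Vixie Cron code: the widths in the sscanf format are generated from the buffer sizes, so the two cannot drift apart. The names parse_env_line, ENV_NAME_LEN and ENV_VAL_LEN, the sizes, and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed limits for this example (characters, excluding the NUL). */
#define ENV_NAME_LEN 15
#define ENV_VAL_LEN  63
#define STR2(x) #x
#define STR(x)  STR2(x)   /* turns ENV_NAME_LEN into the literal "15" */

/*
 * Parse "NAME=value" from line. Returns 1 on success, 0 if the line is
 * malformed or a field does not fit. Never writes past name[ENV_NAME_LEN]
 * or val[ENV_VAL_LEN], whatever the length of line.
 */
int parse_env_line(const char *line, char *name, char *val)
{
    int consumed = 0;
    int fields = sscanf(line,
                        "%" STR(ENV_NAME_LEN) "[^=]=%" STR(ENV_VAL_LEN) "[^\n]%n",
                        name, val, &consumed);

    /* An over-long name stops at the width, so the literal '=' fails to match. */
    if (fields != 2)
        return 0;
    /* An over-long value leaves unread input: reject rather than truncate. */
    if (line[consumed] != '\0' && line[consumed] != '\n')
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample lines; the second has a 24-character name. */
    const char *lines[] = { "PATH=/usr/bin\n",
                            "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "=x\n" };
    char name[ENV_NAME_LEN + 1], val[ENV_VAL_LEN + 1];

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (parse_env_line(lines[i], name, val))
            printf("ok: %s -> %s\n", name, val);
        else
            printf("rejected line %zu\n", i + 1);
    }
    return 0;
}
```

Callers must size the buffers as ENV_NAME_LEN + 1 and ENV_VAL_LEN + 1, because each width counts characters and sscanf appends the NUL after them.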

