Bugtraq mailing list archives
Re: Buffer overflow in bing
From: Pierre Beyssac <pb () FASTERIX FREENIX ORG>
Date: Fri, 19 Jan 2001 20:30:01 +0100
On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
The buffer overflowed is an 80-byte static local buffer: static char buf[80];
It is patched by default in FreeBSD's package collection. Here's the patch below (author: jseger () freebsd org). I have also issued a bugfix release including this patch, available from http://www.freenix.org/reseau/bing-1.0.5.tar.gz --- bing.c.orig Thu Jul 20 16:45:32 1995 +++ bing.c Sat Mar 4 16:13:05 2000 @@ -718,13 +718,13 @@ u_long l; { struct hostent *hp; - static char buf[80]; + static char buf[MAXHOSTNAMELEN+19]; if ((options & F_NUMERIC) || !(hp = gethostbyaddr((char *)&l, 4, AF_INET))) - (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l)); + (void)snprintf(buf, sizeof(buf), "%s", inet_ntoa(*(struct in_addr *)&l)); else - (void)sprintf(buf, "%s (%s)", hp->h_name, + (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name, inet_ntoa(*(struct in_addr *)&l)); return(buf); } -- Pierre Beyssac pb () fasterix frmug org pb () fasterix freenix org Linux : ceux qui n'adorent pas sont forcément des cons Free domains: http://www.eu.org/ or mail dns-manager () EU org
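Review bot: the `+19` in `static char buf[MAXHOSTNAMELEN+19];` is an undocumented magic number. It matches the fixed part of the `"%s (%s)"` format (a space, two parentheses, up to 15 characters of dotted-quad from inet_ntoa, and the terminating NUL), so a one-line comment or a named constant next to the declaration would keep the size and the format string from drifting apart later. The bound is also only exact when `hp->h_name` fits in MAXHOSTNAMELEN. The name is returned by gethostbyaddr, so a longer one is now silently truncated by snprintf, and because the return value is discarded with `(void)` the caller gets a string missing its closing parenthesis with no indication. That is acceptable for display output, but it is worth stating in a comment or checking the return value against `sizeof(buf)`. The hunk does not show where MAXHOSTNAMELEN comes from, so confirm that the header defining it is already included in bing.c on every platform the 1.0.5 release targets.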