Bugtraq mailing list archives

Re: Buffer overflow in bing


From: Pierre Beyssac <pb () FASTERIX FREENIX ORG>
Date: Fri, 19 Jan 2001 20:30:01 +0100

On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
The buffer overflowed is an 80-byte static local buffer:
      static char buf[80];

It is patched by default in FreeBSD's package collection. Here's
the patch below (author: jseger () freebsd org).

I have also issued a bugfix release including this patch, available
from http://www.freenix.org/reseau/bing-1.0.5.tar.gz

--- bing.c.orig Thu Jul 20 16:45:32 1995
+++ bing.c      Sat Mar  4 16:13:05 2000
@@ -718,13 +718,13 @@
        u_long l;
 {
        struct hostent *hp;
-       static char buf[80];
+       static char buf[MAXHOSTNAMELEN+19];

        if ((options & F_NUMERIC) ||
            !(hp = gethostbyaddr((char *)&l, 4, AF_INET)))
-               (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
+               (void)snprintf(buf, sizeof(buf), "%s", inet_ntoa(*(struct in_addr *)&l));
        else
-               (void)sprintf(buf, "%s (%s)", hp->h_name,
+               (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
                    inet_ntoa(*(struct in_addr *)&l));
        return(buf);
 }
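Review bot: the new size `MAXHOSTNAMELEN+19` on the `static char buf` line is a magic number; the 19 is presumably 2 for " (", 15 for a dotted-quad address, 1 for ")" and 1 for the terminating NUL, but nothing says so, and a later change to the format string would silently break the arithmetic. Consider writing it as `MAXHOSTNAMELEN + sizeof(" (255.255.255.255)")` or adding a comment that states the derivation, and make sure the header that defines `MAXHOSTNAMELEN` (`<sys/param.h>` on BSD) is included in bing.c, since the hunk does not show it. Note also that `MAXHOSTNAMELEN` bounds the local host name, not what a resolver may return in `hp->h_name`; with `snprintf` that is now merely a truncated name rather than an overflow, but the `(void)` cast discards the return value, so truncation is never detected. If the caller should know, compare the result against `sizeof(buf)`.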

--
Pierre Beyssac        pb () fasterix frmug org pb () fasterix freenix org
      Linux: those who don't worship it are necessarily idiots
    Free domains: http://www.eu.org/ or mail dns-manager () EU org

