author | kris <kris@FreeBSD.org> | 2000-03-05 05:30:54 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-03-05 05:30:54 +0000 |
commit | c5b2ed4ecc372df1f14032f52dc6d80b8b91373c (patch) | |
tree | 4b5253ae3774214e2cf0f124a3969b30cdfb10df | |
parent | 7e5122550577a5a01663576719401ee23a7d7c5e (diff) | |
This is a setuid root binary. sprintf()s of DNS hostnames into undersized
buffers are bad. Fix this. It should also drop privileges for extra
safety, but doesn't.
-rw-r--r-- | net/bing/files/patch-aa | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/net/bing/files/patch-aa b/net/bing/files/patch-aa
new file mode 100644
index 0000000..71b0978
--- /dev/null
+++ b/net/bing/files/patch-aa
@@ -0,0 +1,19 @@
+--- bing.c.orig Thu Jul 20 16:45:32 1995
++++ bing.c Sat Mar 4 16:13:05 2000
+@@ -718,13 +718,13 @@
+ u_long l;
+ {
+ struct hostent *hp;
+- static char buf[80];
++ static char buf[MAXHOSTNAMELEN+19];
+
+ if ((options & F_NUMERIC) ||
+ !(hp = gethostbyaddr((char *)&l, 4, AF_INET)))
+- (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
++ (void)snprintf(buf, sizeof(buf), "%s", inet_ntoa(*(struct in_addr *)&l));
+ else
+- (void)sprintf(buf, "%s (%s)", hp->h_name,
++ (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
+ inet_ntoa(*(struct in_addr *)&l));
+ return(buf);
+ }
 |
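Review bot: The `19` in `static char buf[MAXHOSTNAMELEN+19];` is an unexplained constant, yet it is the bound that `snprintf(buf, sizeof(buf), ...)` now enforces on the resolver-supplied `hp->h_name` in a setuid binary, so it should carry a comment such as `/* h_name + " (" + 15-char dotted quad + ")" + NUL */`. The arithmetic does work out (2 + 15 + 1 + 1 = 19), but a later edit to the format string could undersize the buffer again without anyone noticing. The `(void)` casts discard snprintf's return value, so an over-long name is silently truncated; that is acceptable for a display string because the output stays NUL-terminated, but it is worth stating in the same comment. `MAXHOSTNAMELEN` normally comes from `<sys/param.h>`, and the hunk does not show the includes of bing.c, so confirm it is already in scope. The function's header lies above the hunk, so only the body is reviewed here.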