diff options
author | roberto <roberto@FreeBSD.org> | 1997-02-20 22:16:39 +0000 |
---|---|---|
committer | roberto <roberto@FreeBSD.org> | 1997-02-20 22:16:39 +0000 |
commit | ed1608278d8aaf43796900cb3322b6b7dc804b7e (patch) | |
tree | 612a8019390eb9e5f52b3f1c13bea1a8f2ab1e56 /sbin/route/route.c | |
parent | 1affb81d5a744106d3ab9cf99738cdbf0d43c0e1 (diff) | |
download | FreeBSD-src-ed1608278d8aaf43796900cb3322b6b7dc804b7e.zip FreeBSD-src-ed1608278d8aaf43796900cb3322b6b7dc804b7e.tar.gz |
Security patch from OpenBSD: fixes potential buffer overflow in a static
buffer (so more difficult to exploit but better safe than sorry). Found
by comparing FreeBSD & OpenBSD sources/logs for the auditing process.
Reviewed by: Warner Losh
Obtained from: OpenBSD
Diffstat (limited to 'sbin/route/route.c')
-rw-r--r-- | sbin/route/route.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sbin/route/route.c b/sbin/route/route.c index 66cbfae..47923e0 100644 --- a/sbin/route/route.c +++ b/sbin/route/route.c @@ -1023,7 +1023,7 @@ ns_print(sns) struct ns_addr work; union { union ns_net net_e; u_long long_e; } net; u_short port; - static char mybuf[50], cport[10], chost[25]; + static char mybuf[50+MAXHOSTNAMELEN], cport[10], chost[25]; char *host = ""; register char *p; register u_char *q; @@ -1056,7 +1056,8 @@ ns_print(sns) else *cport = 0; - (void) sprintf(mybuf,"%lxH.%s%s", (unsigned long)ntohl(net.long_e), + (void) snprintf(mybuf, sizeof(mybuf), "%lxH.%s%s", + (unsigned long)ntohl(net.long_e), host, cport); return (mybuf); } |