Security patch from OpenBSD: fixes potential buffer overflow in a static

buffer (so more difficult to exploit but better safe than sorry). Found by comparing FreeBSD & OpenBSD sources/logs for the auditing process. Reviewed by: Warner Losh Obtained from: OpenBSD
author: roberto <roberto@FreeBSD.org> 1997-02-20 22:16:39 +0000
committer: roberto <roberto@FreeBSD.org> 1997-02-20 22:16:39 +0000
commit: ed1608278d8aaf43796900cb3322b6b7dc804b7e (patch)
tree: 612a8019390eb9e5f52b3f1c13bea1a8f2ab1e56 /sbin/route
parent: 1affb81d5a744106d3ab9cf99738cdbf0d43c0e1 (diff)
download: FreeBSD-src-ed1608278d8aaf43796900cb3322b6b7dc804b7e.zip
FreeBSD-src-ed1608278d8aaf43796900cb3322b6b7dc804b7e.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/sbin/route/route.c b/sbin/route/route.c
index 66cbfae..47923e0 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -1023,7 +1023,7 @@ ns_print(sns)
 	struct ns_addr work;
 	union { union ns_net net_e; u_long long_e; } net;
 	u_short port;
-	static char mybuf[50], cport[10], chost[25];
+	static char mybuf[50+MAXHOSTNAMELEN], cport[10], chost[25];
 	char *host = "";
 	register char *p;
 	register u_char *q;
@@ -1056,7 +1056,8 @@ ns_print(sns)
 	else
 		*cport = 0;
 
-	(void) sprintf(mybuf,"%lxH.%s%s", (unsigned long)ntohl(net.long_e),
+	(void) snprintf(mybuf, sizeof(mybuf), "%lxH.%s%s", 
+                    (unsigned long)ntohl(net.long_e),
 		       host, cport);
 	return (mybuf);
 }
author	roberto <roberto@FreeBSD.org>	1997-02-20 22:16:39 +0000
committer	roberto <roberto@FreeBSD.org>	1997-02-20 22:16:39 +0000
commit	ed1608278d8aaf43796900cb3322b6b7dc804b7e (patch)
tree	612a8019390eb9e5f52b3f1c13bea1a8f2ab1e56 /sbin/route
parent	1affb81d5a744106d3ab9cf99738cdbf0d43c0e1 (diff)
download	FreeBSD-src-ed1608278d8aaf43796900cb3322b6b7dc804b7e.zip FreeBSD-src-ed1608278d8aaf43796900cb3322b6b7dc804b7e.tar.gz