d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Buffer overflow in wall(1).

Browse Source 
This affected syslogd, wall and talkd.
Detected by FORTIFY_SOURCE GSoC (with clang).

Submitted by:	Oliver Pinter
Differential Revision:	https://reviews.freebsd.org/D3254
Reviewed by:	delphij, jmg
MFC after:	3 days
This commit is contained in:
Pedro F. Giffuni 2015-07-31 01:12:31 +00:00
parent 42e5fcbf2b
commit 479184e919
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=286102
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
usr.bin/wall/ttymsg.c
View File

@ -62,7 +62,7 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
struct iovec localiov[7];
ssize_t left, wret;
int cnt, fd;
static char device[MAXNAMLEN] = _PATH_DEV;
char device[MAXNAMLEN] = _PATH_DEV;
static char errbuf[1024];
char *p;
int forked;
@ -71,8 +71,8 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
if (iovcnt > (int)(sizeof(localiov) / sizeof(localiov[0])))
return ("too many iov's (change code in wall/ttymsg.c)");
strlcat(device, line, sizeof(device));
p = device + sizeof(_PATH_DEV) - 1;
strlcpy(p, line, sizeof(device));
if (strncmp(p, "pts/", 4) == 0)
p += 4;
if (strchr(p, '/') != NULL) {