d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Limit the risk of `buf' overrun in ping.c when printing hostnames.

Browse Source 
Note, this is not really a security risk, because the buffer in question
is a static variable in the data segment and not on the stack, and hence
cannot subert the flow of execution in any way.  About the worst case was
that if you pinged a long hostname, ping could coredump.

Pointed out on: bugtraq  (listserv@netspace.org)
This commit is contained in:
Peter Wemm 1996-07-28 20:29:10 +00:00
parent ef1c2ba16f
commit efa3853949
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=17320
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sbin/ping/ping.c
View File

@ -959,9 +959,10 @@ pr_addr(l)
if ((options & F_NUMERIC) ||
!(hp = gethostbyaddr((char *)&l, 4, AF_INET)))
(void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
(void)snprintf(buf, sizeof(buf), "%s",
inet_ntoa(*(struct in_addr *)&l));
else
(void)sprintf(buf, "%s (%s)", hp->h_name,
(void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
inet_ntoa(*(struct in_addr *)&l));
return(buf);
}