FreeBSD Bugzilla – Attachment 606 Details for
Bug 2586
various buffer overflow fixes
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 10.96 KB, created by
Julian Assange
on 1997-01-25 19:50:01 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Julian Assange
Created:
1997-01-25 19:50:01 UTC
Size:
10.96 KB
patch
obsolete
>--- src/usr.sbin/syslogd/syslogd.c~ Sun Jan 26 05:50:01 1997 >+++ src/usr.sbin/syslogd/syslogd.c Sun Jan 26 05:50:01 1997 >@@ -1155,7 +1155,7 @@ > sizeof(f->f_un.f_forw.f_addr)); > f->f_un.f_forw.f_addr.sin_family = AF_INET; > f->f_un.f_forw.f_addr.sin_port = LogPort; >- memmove(&f->f_un.f_forw.f_addr.sin_addr, hp->h_addr, hp->h_length); >+ memmove(&f->f_un.f_forw.f_addr.sin_addr, hp->h_addr, MIN(hp->h_length,sizeof(struct in_addr)); > f->f_type = F_FORW; > break; > >--- src/usr.sbin/ppp/ipcp.c~ Sun Jan 26 05:52:32 1997 >+++ src/usr.sbin/ppp/ipcp.c Sun Jan 26 05:52:32 1997 >@@ -151,7 +151,7 @@ > if (gethostname(name, sizeof(name)) == 0) { > hp = gethostbyname(name); > if (hp && hp->h_addrtype == AF_INET) { >- bcopy(hp->h_addr, (char *)&DefMyAddress.ipaddr.s_addr, hp->h_length); >+ bcopy(hp->h_addr, (char *)&DefMyAddress.ipaddr.s_addr, MIN(hp->h_length, sizeof DefMyAddress.ipaddr.s_addr)); > } > } > } >--- src/usr.sbin/ppp/command.c~ Sun Jan 26 05:51:17 1997 >+++ src/usr.sbin/ppp/command.c Sun Jan 26 05:51:18 1997 >@@ -797,7 +797,7 @@ > > hp = gethostbyname(cp); > if (hp && hp->h_addrtype == AF_INET) >- bcopy(hp->h_addr, &ipaddr, hp->h_length); >+ bcopy(hp->h_addr, &ipaddr, MIN(hp->h_length, sizeof ipaddr)); > else if (inet_aton(cp, &ipaddr) == 0) > ipaddr.s_addr = 0; > return(ipaddr); >--- src/usr.bin/whois/whois.c~ Sun Jan 26 05:53:49 1997 >+++ src/usr.bin/whois/whois.c Sun Jan 26 05:53:49 1997 >@@ -97,7 +97,7 @@ > } > bzero((caddr_t)&sin, sizeof (sin)); > sin.sin_family = hp->h_addrtype; >- bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length); >+ bcopy(hp->h_addr, (char *)&sin.sin_addr, MIN(hp->h_length, sin.sin_addr)); > sp = getservbyname("whois", "tcp"); > if (sp == NULL) { > (void)fprintf(stderr, "whois: whois/tcp: unknown service\n"); >--- src/usr.bin/telnet/commands.c~ Sun Jan 26 06:00:52 1997 >+++ src/usr.bin/telnet/commands.c Sun Jan 26 06:00:52 1997 >@@ -2200,9 +2200,9 @@ > sin.sin_family = host->h_addrtype; > #if defined(h_addr) /* In 4.3, this is a #define */ > memmove((caddr_t)&sin.sin_addr, >- host->h_addr_list[0], host->h_length); >+ host->h_addr_list[0], MIN(host->h_length, sizeof sin.sin_addr)); > #else /* defined(h_addr) */ >- memmove((caddr_t)&sin.sin_addr, host->h_addr, host->h_length); >+ memmove((caddr_t)&sin.sin_addr, host->h_addr, MIN(host->h_length, sizeof sin.sin_addr)); > #endif /* defined(h_addr) */ > strncpy(_hostname, host->h_name, sizeof(_hostname)); > _hostname[sizeof(_hostname)-1] = '\0'; >@@ -2294,7 +2294,7 @@ > perror((char *)0); > host->h_addr_list++; > memcpy((caddr_t)&sin.sin_addr, >- host->h_addr_list[0], host->h_length); >+ host->h_addr_list[0], MIN(host->h_length, sizeof sin.sin_addr)); > (void) NetClose(net); > continue; > } >@@ -2779,9 +2779,9 @@ > } else if (host = gethostbyname(cp)) { > #if defined(h_addr) > memcpy((caddr_t)&sin_addr, >- host->h_addr_list[0], host->h_length); >+ host->h_addr_list[0], MIN(host->h_length, sizeof sin_addr)); > #else >- memcpy((caddr_t)&sin_addr, host->h_addr, host->h_length); >+ memcpy((caddr_t)&sin_addr, host->h_addr, MIN(host->h_length, sizeof sin_addr)); > #endif > } else { > *cpp = cp; >--- src/usr.bin/talk/get_addrs.c~ Sun Jan 26 06:01:50 1997 >+++ src/usr.bin/talk/get_addrs.c Sun Jan 26 06:01:50 1997 >@@ -56,7 +56,7 @@ > herror((char *)NULL); > exit(-1); > } >- bcopy(hp->h_addr, (char *) &his_machine_addr, hp->h_length); >+ bcopy(hp->h_addr, (char *) &his_machine_addr, MIN(hp->h_length, sizeof his_machine_addr)); > if (get_iface(&his_machine_addr, &my_machine_addr) == -1) { > perror("failed to find my interface address"); > exit(-1); >--- src/usr.bin/rpcinfo/rpcinfo.c~ Sun Jan 26 06:03:10 1997 >+++ src/usr.bin/rpcinfo/rpcinfo.c Sun Jan 26 06:03:59 1997 >@@ -494,7 +494,7 @@ > server_addr.sin_family = AF_INET; > if ((hp = gethostbyname("localhost")) != NULL) > bcopy(hp->h_addr, (caddr_t)&server_addr.sin_addr, >- hp->h_length); >+ MIN(hp->h_length, sizeof server_addr.sin_addr)); > else > server_addr.sin_addr.s_addr = inet_addr("0.0.0.0"); > } >@@ -660,7 +660,7 @@ > fprintf(stderr, "rpcinfo: %s is unknown host\n", host); > exit(1); > } >- bcopy(hp->h_addr, (char *)&addr->sin_addr, hp->h_length); >+ bcopy(hp->h_addr, (char *)&addr->sin_addr, MIN(hp->h_length, sizeof addr->sin_addr)); > } > addr->sin_family = AF_INET; > } >--- src/usr.bin/quota/quota.c~ Sun Jan 26 06:04:50 1997 >+++ src/usr.bin/quota/quota.c Sun Jan 26 06:04:50 1997 >@@ -702,7 +702,7 @@ > return ((int) RPC_UNKNOWNHOST); > timeout.tv_usec = 0; > timeout.tv_sec = 6; >- bcopy(hp->h_addr, &server_addr.sin_addr, hp->h_length); >+ bcopy(hp->h_addr, &server_addr.sin_addr, MIN(hp->h_length, sizeof server_addr.sin_addr)); > server_addr.sin_family = AF_INET; > server_addr.sin_port = 0; > >--- src/usr.bin/ftp/ftp.c~ Sun Jan 26 06:07:33 1997 >+++ src/usr.bin/ftp/ftp.c Sun Jan 26 06:07:33 1997 >@@ -86,7 +86,7 @@ > { > struct hostent *hp = 0; > int s, len, tos; >- static char hostnamebuf[80]; >+ static char hostnamebuf[128]; > > memset((char *)&hisctladdr, 0, sizeof (hisctladdr)); > hisctladdr.sin_addr.s_addr = inet_addr(host); >@@ -102,8 +102,9 @@ > } > hisctladdr.sin_family = hp->h_addrtype; > memmove((caddr_t)&hisctladdr.sin_addr, >- hp->h_addr_list[0], hp->h_length); >+ hp->h_addr_list[0], MIN(hp->h_length, sizeof hisctladdr.sin_addr)); > (void) strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf)); >+ hostnamebuf[sizeof hostnamebuf]='\0'; > } > hostname = hostnamebuf; > s = socket(hisctladdr.sin_family, SOCK_STREAM, 0); >@@ -123,7 +124,7 @@ > warn("connect to address %s", ia); > hp->h_addr_list++; > memmove((caddr_t)&hisctladdr.sin_addr, >- hp->h_addr_list[0], hp->h_length); >+ hp->h_addr_list[0], MIN(hp->h_length, sizeof hisctladdr.sin_addr)); > fprintf(stdout, "Trying %s...\n", > inet_ntoa(hisctladdr.sin_addr)); > (void) close(s); >--- src/usr.bin/finger/net.c~ Sun Jan 26 06:08:49 1997 >+++ src/usr.bin/finger/net.c Sun Jan 26 06:08:49 1997 >@@ -91,7 +91,7 @@ > return; > } > sin.sin_family = hp->h_addrtype; >- bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length); >+ bcopy(hp->h_addr, (char *)&sin.sin_addr, MIN(hp->h_length, sizeof sin.sin_addr)); > sin.sin_port = sp->s_port; > if ((s = socket(hp->h_addrtype, SOCK_STREAM, 0)) < 0) { > perror("finger: socket"); >--- src/usr.bin/fetch/main.c~ Sun Jan 26 06:09:37 1997 >+++ src/usr.bin/fetch/main.c Sun Jan 26 06:11:06 1997 >@@ -30,6 +30,7 @@ > #include <sys/socket.h> > #include <sys/stat.h> > #include <sys/time.h> >+#include <sys/param.h> > #include <stdlib.h> > #include <stdio.h> > #include <string.h> >@@ -740,7 +741,7 @@ > if (!h) > err (1, "could not lookup host %s.", host); > sin.sin_family = h->h_addrtype; >- bcopy(h->h_addr, (char *)&sin.sin_addr, h->h_length); >+ bcopy(h->h_addr, (char *)&sin.sin_addr, MIN(h->h_length, sizeof sin.sin_addr)); > } > sin.sin_port = htons (http_port); > if ((s = socket (sin.sin_family, SOCK_STREAM, 0)) < 0) >--- src/sbin/umount/umount.c~ Sun Jan 26 06:13:33 1997 >+++ src/sbin/umount/umount.c Sun Jan 26 06:13:33 1997 >@@ -250,7 +250,7 @@ > memset(&saddr, 0, sizeof(saddr)); > saddr.sin_family = AF_INET; > saddr.sin_port = 0; >- memmove(&saddr.sin_addr, hp->h_addr, hp->h_length); >+ memmove(&saddr.sin_addr, hp->h_addr, MIN(hp->h_length, sizeof saddr.sin_addr)); > pertry.tv_sec = 3; > pertry.tv_usec = 0; > so = RPC_ANYSOCK; >--- src/sbin/route/route.c~ Sun Jan 26 06:15:05 1997 >+++ src/sbin/route/route.c Sun Jan 26 06:15:05 1997 >@@ -725,7 +725,7 @@ > if (af == AF_INET && *gateway && hp && hp->h_addr_list[1]) { > hp->h_addr_list++; > bcopy(hp->h_addr_list[0], &so_gate.sin.sin_addr, >- hp->h_length); >+ MIN(hp->h_length, sizeof so_gate.sin.sin_addr)); > } else > break; > } >@@ -989,7 +989,7 @@ > if (hp) { > *hpp = hp; > su->sin.sin_family = hp->h_addrtype; >- bcopy(hp->h_addr, (char *)&su->sin.sin_addr, hp->h_length); >+ bcopy(hp->h_addr, (char *)&su->sin.sin_addr, MIN(hp->h_length, sizeof su->sin.sin_addr)); > return (1); > } > errx(EX_NOHOST, "bad address: %s", s); >--- src/sbin/ping/ping.c~ Sun Jan 26 05:12:34 1997 >+++ src/sbin/ping/ping.c Sun Jan 26 05:13:24 1997 >@@ -305,7 +305,7 @@ > exit(1); > } > to->sin_family = hp->h_addrtype; >- bcopy(hp->h_addr, (caddr_t)&to->sin_addr, hp->h_length); >+ bcopy(hp->h_addr, (caddr_t)&to->sin_addr, MIN(hp->h_length, sizeof to->sin_addr)); > (void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1); > hostname = hnamebuf; > } >--- src/sbin/mount_nfs/mount_nfs.c~ Sun Jan 26 06:18:39 1997 >+++ src/sbin/mount_nfs/mount_nfs.c Sun Jan 26 06:18:39 1997 >@@ -609,7 +609,7 @@ > return (0); > } > } else if ((hp = gethostbyname(hostp)) != NULL) { >- bcopy(hp->h_addr, (caddr_t)&saddr.sin_addr, hp->h_length); >+ bcopy(hp->h_addr, (caddr_t)&saddr.sin_addr, MIN(hp->h_length, sizeof saddr.sin_addr)); > } else { > warnx("can't get net id for host"); > return (0); >@@ -621,7 +621,7 @@ > warnx("can't reverse resolve net address"); > return (0); > } >- bcopy(hp->h_addr, (caddr_t)&saddr.sin_addr, hp->h_length); >+ bcopy(hp->h_addr, (caddr_t)&saddr.sin_addr, MIN(hp->h_length, sizeof saddr.sin_addr)); > strncpy(inst, hp->h_name, INST_SZ); > inst[INST_SZ - 1] = '\0'; > if (cp = strchr(inst, '.')) >--- src/sbin/ifconfig/ifconfig.c~ Sun Jan 26 06:19:44 1997 >+++ src/sbin/ifconfig/ifconfig.c Sun Jan 26 06:19:44 1997 >@@ -969,7 +969,7 @@ > if (inet_aton(s, &sin->sin_addr)) > return; > if ((hp = gethostbyname(s)) != 0) >- bcopy(hp->h_addr, (char *)&sin->sin_addr, hp->h_length); >+ bcopy(hp->h_addr, (char *)&sin->sin_addr, MIN(hp->h_length, sizeof sin->sin_addr)); > else if ((np = getnetbyname(s)) != 0) > sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY); > else >--- src/libexec/mail.local/mail.local.c~ Sun Jan 26 06:21:55 1997 >+++ src/libexec/mail.local/mail.local.c Sun Jan 26 06:21:55 1997 >@@ -346,7 +346,7 @@ > return; > } > addr.sin_family = hp->h_addrtype; >- memmove(&addr.sin_addr, hp->h_addr, hp->h_length); >+ memmove(&addr.sin_addr, hp->h_addr, MIN(hp->h_length, sizeof addr.sin_addr)); > addr.sin_port = sp->s_port; > } > if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) == -1) { >--- src/lib/libskey/skeyaccess.c~ Sun Jan 26 06:25:21 1997 >+++ src/lib/libskey/skeyaccess.c Sun Jan 26 06:25:21 1997 >@@ -408,12 +408,11 @@ > > for (i = 0; i < MAX_ADDR && hp->h_addr_list[i]; i++) > memcpy((char *) &list[i], >- hp->h_addr_list[i], hp->h_length); >+ hp->h_addr_list[i], (length=MIN(hp->h_length, sizeof (struct in_addr))); > list[i].s_addr = 0; > > strncpy(buf, hp->h_name, MAXHOSTNAMELEN); > buf[MAXHOSTNAMELEN] = 0; >- length = hp->h_length; > > /* > * Wipe addresses that appear to belong to someone else. We will get >--- src/lib/libftpio/ftpio.c~ Sun Jan 26 06:40:59 1997 >+++ src/lib/libftpio/ftpio.c Sun Jan 26 06:26:37 1997 >@@ -35,6 +35,7 @@ > #include <stdlib.h> > #include <string.h> > #include <unistd.h> >+#include <sys/param.h> > > #define SUCCESS 0 > #define FAILURE -1 >@@ -701,7 +702,7 @@ > return FAILURE; > } > ftp->addrtype = sin.sin_family = he->h_addrtype; >- bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length); >+ bcopy(he->h_addr, (char *)&sin.sin_addr, MIN(he->h_length, sizeof sin.sin_addr)); > } > > sin.sin_port = htons(port);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=606">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2586
: 606