FreeBSD Bugzilla – Attachment 204501 Details for
Bug 238013
Fix buffer overrun in function dname_labeldec in usr.sbin/rtadvctl/rtadvctl.c
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch
0001-rtadvctl-fix-buffer-overrun.patch (text/plain), 972 bytes, created by
Young
on 2019-05-21 07:04:54 UTC
(
hide
)
Description:
Proposed patch
Filename:
MIME Type:
Creator:
Young
Created:
2019-05-21 07:04:54 UTC
Size:
972 bytes
patch
obsolete
>From e2d76d2739d6d4507d654d7ffc237d59d5e68aa3 Mon Sep 17 00:00:00 2001 >From: Young Xiao <92siuyang@gmail.com> >Date: Tue, 21 May 2019 14:57:31 +0800 >Subject: [PATCH] rtadvctl: fix buffer overrun. > >See commit a9647f4732da ("Fix buffer overrun.") for details. > >Signed-off-by: Young Xiao <92siuyang@gmail.com> >--- > usr.sbin/rtadvctl/rtadvctl.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/usr.sbin/rtadvctl/rtadvctl.c b/usr.sbin/rtadvctl/rtadvctl.c >index 556f9ac..c6d6c43 100644 >--- a/usr.sbin/rtadvctl/rtadvctl.c >+++ b/usr.sbin/rtadvctl/rtadvctl.c >@@ -926,7 +926,8 @@ dname_labeldec(char *dst, size_t dlen, const char *src) > dst_origin = dst; > memset(dst, '\0', dlen); > while (src && (len = (uint8_t)(*src++) & 0x3f) && >- (src + len) <= src_last) { >+ (src + len) <= src_last && >+ (dst - dst_origin < (ssize_t)dlen)) { > if (dst != dst_origin) > *dst++ = '.'; > mysyslog(LOG_DEBUG, "<%s> labellen = %zd", __func__, len); >-- >2.7.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 238013
: 204501