This is a setuid root binary. sprintf()s of DNS hostnames into undersized
buffers are bad. Fix this. It should also drop privileges for extra safety, but doesn't.
This commit is contained in:
Kris Kennaway
parent
d49706beb3
commit
f8f4645dd1
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=26554
19
net/bing/files/patch-aa
Normal file
19
net/bing/files/patch-aa
Normal file
@ -0,0 +1,19 @@
|
||||
--- bing.c.orig Thu Jul 20 16:45:32 1995
|
||||
+++ bing.c Sat Mar 4 16:13:05 2000
|
||||
@@ -718,13 +718,13 @@
|
||||
u_long l;
|
||||
{
|
||||
struct hostent *hp;
|
||||
- static char buf[80];
|
||||
+ static char buf[MAXHOSTNAMELEN+19];
|
||||
|
||||
if ((options & F_NUMERIC) ||
|
||||
!(hp = gethostbyaddr((char *)&l, 4, AF_INET)))
|
||||
- (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
|
||||
+ (void)snprintf(buf, sizeof(buf), "%s", inet_ntoa(*(struct in_addr *)&l));
|
||||
else
|
||||
- (void)sprintf(buf, "%s (%s)", hp->h_name,
|
||||
+ (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
|
||||
inet_ntoa(*(struct in_addr *)&l));
|
||||
return(buf);
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user