cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6b4f0ce9ae
openbsd-ports/net/tcpflow/patches/patch-src_util_c
jolan dd7a4aa7aa Update to 0.21, fixes a format string vulnerability: 
http://www.atstake.com/research/advisories/2003/a080703-2.txt

Not exploitable as it is not installed setuid root.

from MAINTAINER.
2003-08-12 00:59:46 +00:00

22 lines
793 B
Plaintext
Raw Blame History

$OpenBSD: patch-src_util_c,v 1.1 2003/08/12 00:59:47 jolan Exp $
--- src/util.c.orig Wed Aug 8 12:39:40 2001
+++ src/util.c Mon Aug 11 11:06:15 2003
@@ -65,7 +65,7 @@ void *check_malloc(size_t size)
void init_debug(char *argv[])
{
debug_prefix = MALLOC(char, strlen(argv[0]) + 16);
- sprintf(debug_prefix, "%s[%d]", argv[0], (int) getpid());
+ snprintf(debug_prefix, (strlen(argv[0]) +16), "%s[%d]", argv[0], (int) getpid());
}
@@ -144,7 +144,7 @@ char *flow_filename(flow_t flow)
ring_pos = (ring_pos + 1) % RING_SIZE;
- sprintf(ring_buffer[ring_pos],
+ snprintf(ring_buffer[ring_pos], sizeof(ring_buffer[ring_pos]),
"%03d.%03d.%03d.%03d.%05d-%03d.%03d.%03d.%03d.%05d",
(u_int8_t) ((flow.src & 0xff000000) >> 24),
(u_int8_t) ((flow.src & 0x00ff0000) >> 16),
Reference in New Issue View Git Blame Copy Permalink