$OpenBSD: patch-attach_c,v 1.2 2012/07/18 11:15:30 jasper Exp $
Last chunk:
Security fix for CVE-2012-3368
Memory portion (random stack data) disclosure to the client by unclean client disconnect
Patch from upstream CVS.
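--- attach.c.orig Thu Jan 31 06:59:54 2008
+++ attach.c Wed Jul 18 13:13:39 2012
@@ -56,7 +56,7 @@ connect_socket(char *name)
 if (s < 0)
 return -1;
 sockun.sun_family = AF_UNIX;
- strcpy(sockun.sun_path, name);
+ strlcpy(sockun.sun_path, name, sizeof(sockun.sun_path));
 if (connect(s, (struct sockaddr*)&sockun, sizeof(sockun)) < 0)
 {
 close(s);
@@ -237,12 +237,15 @@ attach_main(int noerror)
 /* stdin activity */
 if (n > 0 && FD_ISSET(0, &readfds))
 {
+ ssize_t len;
+
 pkt.type = MSG_PUSH;
 memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
- pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+ len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
 
- if (pkt.len <= 0)
+ if (len <= 0)
 exit(1);
+ pkt.len = len;
 process_kbd(s, &pkt);
 n--;
 }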
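Review bot: In the first hunk, the `strlcpy()` into `sockun.sun_path` silently truncates an over-long `name`, so `connect()` is then attempted on a shortened path rather than the one the caller asked for. Checking the return value makes that case fail closed: `if (strlcpy(sockun.sun_path, name, sizeof(sockun.sun_path)) >= sizeof(sockun.sun_path)) { close(s); errno = ENAMETOOLONG; return -1; }`. Whether a caller already bounds the length of `name` is not visible here, because connect_socket starts and ends outside the hunk. In the second hunk, a short comment above `ssize_t len;` such as `/* keep read()'s result signed; pkt.len may not be able to hold -1 */` would record why the local exists and guard against the check being folded back into `pkt.len`. The type of `pkt.len` is declared outside this patch, so that wording should be confirmed against the struct definition.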