On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
> The buffer overflowed is a 80 byte static local buffer:
> static char buf[80];

It is patched by default in FreeBSD's package collection. Here's
the patch below (author: jsegerfreebsd.org).

I have also issued a bugfix release including this patch, available
from http://www.freenix.org/reseau/bing-1.0.5.tar.gz

--- bing.c.orig Thu Jul 20 16:45:32 1995
+++ bing.c Sat Mar 4 16:13:05 2000
-718,13 +718,13
         u_long l;
 {
         struct hostent *hp;
- static char buf[80];
+ static char buf[MAXHOSTNAMELEN+19];

         if ((options & F_NUMERIC) ||
             !(hp = gethostbyaddr((char *)&l, 4, AF_INET)))
- (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
+ (void)snprintf(buf, sizeof(buf), "%s", inet_ntoa(*(struct in_addr *)&l));
         else
- (void)sprintf(buf, "%s (%s)", hp->h_name,
+ (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
                     inet_ntoa(*(struct in_addr *)&l));
         return(buf);
 }

--
Pierre Beyssac	      pbfasterix.frmug.org pbfasterix.freenix.org
      Linux : ceux qui n'adorent pas sont forcément des cons
    Free domains: http://www.eu.org/ or mail dns-managerEU.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]