OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Pierre Beyssac (pbFASTERIX.FREENIX.ORG)
Date: Fri Jan 19 2001 - 13:30:01 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
    > The buffer overflowed is a 80 byte static local buffer:
    > static char buf[80];

    It is patched by default in FreeBSD's package collection. Here's
    the patch below (author: jsegerfreebsd.org).

    I have also issued a bugfix release including this patch, available
    from http://www.freenix.org/reseau/bing-1.0.5.tar.gz

    --- bing.c.orig Thu Jul 20 16:45:32 1995
    +++ bing.c Sat Mar 4 16:13:05 2000
    -718,13 +718,13
             u_long l;
     {
             struct hostent *hp;
    - static char buf[80];
    + static char buf[MAXHOSTNAMELEN+19];

             if ((options & F_NUMERIC) ||
                 !(hp = gethostbyaddr((char *)&l, 4, AF_INET)))
    - (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
    + (void)snprintf(buf, sizeof(buf), "%s", inet_ntoa(*(struct in_addr *)&l));
             else
    - (void)sprintf(buf, "%s (%s)", hp->h_name,
    + (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
                         inet_ntoa(*(struct in_addr *)&l));
             return(buf);
     }

    --
    Pierre Beyssac	      pbfasterix.frmug.org pbfasterix.freenix.org
          Linux : ceux qui n'adorent pas sont forcément des cons
        Free domains: http://www.eu.org/ or mail dns-managerEU.org