1 |
pva 08/10/06 20:00:13 |
2 |
|
3 |
Added: chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch |
4 |
Log: |
5 |
Fixed chkutmp crash, bug #184962, thank barbaz for report and Stewart Gebbie for the fix. |
6 |
(Portage version: 2.2_rc11/cvs/Linux 2.6.26-gentoo-r1 i686) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch |
15 |
=================================================================== |
16 |
=== modified file 'chkutmp.c' |
17 |
--- chkutmp.c 2008-10-06 19:07:51 +0000 |
18 |
+++ chkutmp.c 2007-10-20 07:56:19 +0000 |
19 |
@@ -23,6 +23,7 @@ |
20 |
* |
21 |
* Changelog: |
22 |
* Ighighi X - Improved speed via break command - 2005/03/27 |
23 |
+ * Stewart Gebbie - fixed buffer overrun bug related to MAXREAD and UT_PIDLENGTH - 2007-10-20 |
24 |
* |
25 |
*/ |
26 |
|
27 |
@@ -42,7 +43,7 @@ |
28 |
#endif |
29 |
#include <ctype.h> |
30 |
|
31 |
-#define MAXREAD 1024 |
32 |
+#define MAXREAD 4096 |
33 |
#define MAXBUF 4096 |
34 |
#define MAXLENGTH 256 |
35 |
#define UT_PIDSIZE 12 |
36 |
@@ -57,13 +58,13 @@ |
37 |
#endif |
38 |
|
39 |
struct ps_line { |
40 |
- char ps_tty[UT_LINESIZE]; |
41 |
- char ps_user[UT_NAMESIZE]; |
42 |
- char ps_args[MAXLENGTH]; |
43 |
+ char ps_tty[UT_LINESIZE+1]; |
44 |
+ char ps_user[UT_NAMESIZE+1]; |
45 |
+ char ps_args[MAXLENGTH+1]; |
46 |
int ps_pid; |
47 |
}; |
48 |
struct utmp_line { |
49 |
- char ut_tty[UT_LINESIZE]; |
50 |
+ char ut_tty[UT_LINESIZE+1]; |
51 |
int ut_pid; |
52 |
int ut_type; |
53 |
}; |
54 |
@@ -77,7 +78,7 @@ |
55 |
int fetchps(struct ps_line *psl_p) |
56 |
{ |
57 |
FILE *ps_fp; |
58 |
- char line[MAXREAD + 1], pid[UT_PIDSIZE]; |
59 |
+ char line[MAXREAD + 1], pid[UT_PIDSIZE+1]; |
60 |
char *s, *d; |
61 |
struct ps_line *curp = &psl_p[0]; |
62 |
struct ps_line *endp = &psl_p[MAXBUF]; |
63 |
@@ -97,7 +98,7 @@ |
64 |
while (isspace(*s)) /* skip spaces */ |
65 |
s++; |
66 |
d = pid; |
67 |
- for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_LINESIZE; x++) /* grab pid */ |
68 |
+ for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_PIDSIZE; x++) /* grab pid */ |
69 |
; |
70 |
*d = '\0'; |
71 |
curp->ps_pid = atoi(pid); |