Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Jorge Manuel B. S. Vicetto (jmbsvicetto)" <jmbsvicetto@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-misc/vde/files: vde-2.2.2-slirpvde-buffer-overflow.patch
Date: Mon, 06 Apr 2009 19:02:08
Message-Id: E1Lqu58-0002xw-Vq@stork.gentoo.org
1 jmbsvicetto 09/04/06 19:02:06
2
3 Added: vde-2.2.2-slirpvde-buffer-overflow.patch
4 Log:
5 Added patch to fix the buffer overflow that kills slirpvde under fortify.
6 (Portage version: 2.2_rc28/cvs/Linux x86_64)
7
8 Revision Changes Path
9 1.1 net-misc/vde/files/vde-2.2.2-slirpvde-buffer-overflow.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/vde/files/vde-2.2.2-slirpvde-buffer-overflow.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/vde/files/vde-2.2.2-slirpvde-buffer-overflow.patch?rev=1.1&content-type=text/plain
13
14 Index: vde-2.2.2-slirpvde-buffer-overflow.patch
15 ===================================================================
16 From d466d77be6ec40d8d7d96050fbee5e17e7c61af9 Mon Sep 17 00:00:00 2001
17 From: Ludwig Nussel <ludwig.nussel@××××.de>
18 Date: Tue, 30 Sep 2008 16:59:01 +0200
19 Subject: [PATCH] fix static buffer overflows
20
21 ---
22 src/slirpvde/slirpvde.c | 12 +++++++-----
23 1 files changed, 7 insertions(+), 5 deletions(-)
24
25 diff --git a/src/slirpvde/slirpvde.c b/src/slirpvde/slirpvde.c
26 index 47512ca..016aa45 100644
27 --- a/src/slirpvde/slirpvde.c
28 +++ b/src/slirpvde/slirpvde.c
29 @@ -53,7 +53,7 @@
30 VDECONN *conn;
31 int dhcpmgmt=0;
32 static char *pidfile = NULL;
33 -static char pidfile_path[_POSIX_PATH_MAX];
34 +static char pidfile_path[PATH_MAX];
35 int logok=0;
36 char *prog;
37 extern FILE *lfd;
38 @@ -78,9 +78,11 @@ void printlog(int priority, const char *format, ...)
39 static void save_pidfile()
40 {
41 if(pidfile[0] != '/')
42 - strncat(pidfile_path, pidfile, PATH_MAX - strlen(pidfile_path));
43 - else
44 - strcpy(pidfile_path, pidfile);
45 + strncat(pidfile_path, pidfile, sizeof(pidfile_path) - strlen(pidfile_path) -1);
46 + else {
47 + pidfile_path[0] = 0;
48 + strncat(pidfile_path, pidfile, sizeof(pidfile_path)-1);
49 + }
50
51 int fd = open(pidfile_path,
52 O_WRONLY | O_CREAT | O_EXCL,
53 @@ -433,7 +435,7 @@ int main(int argc, char **argv)
54 exit(1);
55 }
56
57 - strcat(pidfile_path, "/");
58 + strncat(pidfile_path, "/", sizeof(pidfile_path) - strlen(pidfile_path) -1);
59 if (daemonize && daemon(0, 0)) {
60 printlog(LOG_ERR,"daemon: %s",strerror(errno));
61 exit(1);
62 --
63 1.5.6
Report Message
Find on MARC Find on Google Groups