1 |
jmbsvicetto 09/04/06 19:02:06 |
2 |
|
3 |
Added: vde-2.2.2-slirpvde-buffer-overflow.patch |
4 |
Log: |
5 |
Added patch to fix the buffer overflow that kills slirpvde under fortify. |
6 |
(Portage version: 2.2_rc28/cvs/Linux x86_64) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 net-misc/vde/files/vde-2.2.2-slirpvde-buffer-overflow.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/vde/files/vde-2.2.2-slirpvde-buffer-overflow.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/vde/files/vde-2.2.2-slirpvde-buffer-overflow.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: vde-2.2.2-slirpvde-buffer-overflow.patch |
15 |
=================================================================== |
16 |
From d466d77be6ec40d8d7d96050fbee5e17e7c61af9 Mon Sep 17 00:00:00 2001 |
17 |
From: Ludwig Nussel <ludwig.nussel@××××.de> |
18 |
Date: Tue, 30 Sep 2008 16:59:01 +0200 |
19 |
Subject: [PATCH] fix static buffer overflows |
20 |
|
21 |
--- |
22 |
src/slirpvde/slirpvde.c | 12 +++++++----- |
23 |
1 files changed, 7 insertions(+), 5 deletions(-) |
24 |
|
25 |
diff --git a/src/slirpvde/slirpvde.c b/src/slirpvde/slirpvde.c |
26 |
index 47512ca..016aa45 100644 |
27 |
--- a/src/slirpvde/slirpvde.c |
28 |
+++ b/src/slirpvde/slirpvde.c |
29 |
@@ -53,7 +53,7 @@ |
30 |
VDECONN *conn; |
31 |
int dhcpmgmt=0; |
32 |
static char *pidfile = NULL; |
33 |
-static char pidfile_path[_POSIX_PATH_MAX]; |
34 |
+static char pidfile_path[PATH_MAX]; |
35 |
int logok=0; |
36 |
char *prog; |
37 |
extern FILE *lfd; |
38 |
@@ -78,9 +78,11 @@ void printlog(int priority, const char *format, ...) |
39 |
static void save_pidfile() |
40 |
{ |
41 |
if(pidfile[0] != '/') |
42 |
- strncat(pidfile_path, pidfile, PATH_MAX - strlen(pidfile_path)); |
43 |
- else |
44 |
- strcpy(pidfile_path, pidfile); |
45 |
+ strncat(pidfile_path, pidfile, sizeof(pidfile_path) - strlen(pidfile_path) -1); |
46 |
+ else { |
47 |
+ pidfile_path[0] = 0; |
48 |
+ strncat(pidfile_path, pidfile, sizeof(pidfile_path)-1); |
49 |
+ } |
50 |
|
51 |
int fd = open(pidfile_path, |
52 |
O_WRONLY | O_CREAT | O_EXCL, |
53 |
@@ -433,7 +435,7 @@ int main(int argc, char **argv) |
54 |
exit(1); |
55 |
} |
56 |
|
57 |
- strcat(pidfile_path, "/"); |
58 |
+ strncat(pidfile_path, "/", sizeof(pidfile_path) - strlen(pidfile_path) -1); |
59 |
if (daemonize && daemon(0, 0)) { |
60 |
printlog(LOG_ERR,"daemon: %s",strerror(errno)); |
61 |
exit(1); |
62 |
-- |
63 |
1.5.6 |