- Added security fix for auth file parsing code

Approved by:	itetcu (mentor, implicit), maintainer
Security:	Insecure sscanf usage
Niels Heinen 2010-08-21 21:12:20 +00:00
parent 567a4282c0
commit 453207aab9
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=259694
2 changed files with 30 additions and 0 deletions


@ -7,6 +7,7 @@
PORTNAME= corkscrew
PORTVERSION= 2.0
PORTREVISION= 1
CATEGORIES= net
MASTER_SITES= http://www.agroman.net/corkscrew/ \
CRITICAL


@ -0,0 +1,29 @@
--- corkscrew.c.orig 2001-08-23 20:27:32.000000000 +0200
+++ corkscrew.c 2010-08-21 10:26:23.000000000 +0200
@@ -201,9 +201,8 @@
fprintf(stderr, "Error opening %s: %s\n", argv[5], strerror(errno));
exit(-1);
} else {
- char line[4096];
- fscanf(fp, "%s", line);
- up = malloc(sizeof(line));
+ char line[1024];
+ fscanf(fp, "%1023s", line);
up = line;
fclose(fp);
}
@@ -249,11 +248,12 @@
/* there's probably a better way to do this */
if (setup == 0) {
if (FD_ISSET(csock, &rfd)) {
- len = read(csock, buffer, sizeof(buffer));
+ len = read(csock, buffer, sizeof(buffer) -1);
if (len<=0)
break;
else {
- sscanf(buffer,"%s%d%[^\n]",version,&code,descr);
+ buffer[len] = '\0';
+ sscanf(buffer,"%256s%3d%[^\n]",version,&code,descr);
if ((strncmp(version,"HTTP/",5) == 0) && (code >= 200) && (code < 300))
setup = 1;
else {
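Review bot: In the first hunk of the patched corkscrew.c, `up = line;` leaves `up` pointing at an array declared inside the `else` block, so any later use of `up` (outside the hunk) would touch an object whose lifetime ended at the closing brace; dropping the `malloc` removes the leak but not this. Copying the token out, e.g. `up = strdup(line);` with a NULL check, or declaring `line` at function scope would keep it valid. The `fscanf` result is also unchecked, so an empty or unreadable auth file leaves `line` uninitialised when it is assigned to `up`. In the second hunk, `%256s` can store 257 bytes including the terminator and `%[^\n]` is still unbounded on data read from the proxy socket, so both conversions should carry a width one less than the sizes of `version` and `descr`, whose declarations are outside the hunk.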