6a55d3b4e3
fixing remotely exploitable buffer overflow. bump PKGREVISION. addresses PR pkg/22687 from Wolfgang S. Rupprecht.
25 lines
1 KiB
Text
25 lines
1 KiB
Text
$NetBSD: patch-ac,v 1.1 2003/10/11 11:27:56 grant Exp $
|
|
|
|
--- lib/log.c.orig 1997-06-19 02:32:05.000000000 +1000
|
|
+++ lib/log.c
|
|
@@ -77,7 +77,8 @@ static void replacePercentM(const char *
|
|
}
|
|
|
|
void S5LogvUpdate(const void *handle, int level, int msgID, const char *oformat, va_list pvar) {
|
|
- char fmt_cpy[2*1024 + 2*10], format[2*1024 + 2*10];
|
|
+#define FMT_BUFLEN (2*1024 + 2*10)
|
|
+ char fmt_cpy[FMT_BUFLEN], format[FMT_BUFLEN];
|
|
S5LogHandle *h = (S5LogHandle *)handle;
|
|
int serrno = GETERRNO();
|
|
static int dontLoop = 0;
|
|
@@ -112,7 +113,9 @@ void S5LogvUpdate(const void *handle, in
|
|
strcat(format, " ");
|
|
|
|
replacePercentM(oformat, format + strlen(format), sizeof(format) - strlen(format));
|
|
- vsprintf(fmt_cpy, format, pvar);
|
|
+ if(vsnprintf(fmt_cpy, FMT_BUFLEN-1,format, pvar)==-1) {
|
|
+ fmt_cpy[FMT_BUFLEN-1]='\0';
|
|
+ }
|
|
|
|
/* Log to the Local log facility, e.g. Stderr on Unix and maybe a window */
|
|
/* or something on NT. Neither system can deal with a NULL format so */
|