svn commit: samba r11797 - in branches/SAMBA_4_0/source/lib/replace: .

jra at samba.org jra at samba.org
Sat Nov 19 01:12:11 GMT 2005


Author: jra
Date: 2005-11-19 01:12:10 +0000 (Sat, 19 Nov 2005)
New Revision: 11797

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11797

Log:
Added OpenSSH fix for "%.*s" format crash. From Darren Tucker
<dtucker at zip.com.au>
Jeremy.

Modified:
   branches/SAMBA_4_0/source/lib/replace/snprintf.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/replace/snprintf.c
===================================================================
--- branches/SAMBA_4_0/source/lib/replace/snprintf.c	2005-11-18 23:48:51 UTC (rev 11796)
+++ branches/SAMBA_4_0/source/lib/replace/snprintf.c	2005-11-19 01:12:10 UTC (rev 11797)
@@ -53,6 +53,12 @@
  *    got rid of fcvt code (twas buggy and made testing harder)
  *    added C99 semantics
  *
+ * Darren Tucker (dtucker at zip.com.au)
+ *    Fix bug allowing read overruns of the source string with "%.*s"
+ *    Usually harmless unless the read runs outside the process' allocation
+ *    (eg if your malloc does guard pages) in which case it will segfault.
+ *    From OpenSSH.  Also added test for same.
+ *
  **************************************************************/
 
 #ifndef NO_CONFIG_H /* for some tests */
@@ -436,7 +442,7 @@
 		value = "<NULL>";
 	}
 
-	for (strln = 0; value[strln]; ++strln); /* strlen */
+	for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */
 	padlen = min - strln;
 	if (padlen < 0) 
 		padlen = 0;
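Review bot: The new `strln < max` bound in the length loop is only correct if `max` is never negative when it reaches this point, and the hunk does not show how the caller handles an omitted precision or a negative `*` argument. If a negative value can arrive here, the loop now stops immediately and the string is treated as empty, whereas C99 says a negative precision is taken as if it were omitted. Either confirm that the caller normalises `max` and note that in a comment, or make the intent explicit with `for (strln = 0; (max < 0 || strln < max) && value[strln]; ++strln);`. The trailing `/* strlen */` comment is also stale now that the scan is bounded; `/* strnlen(value, max) */` would describe it. The enclosing function starts and ends outside the hunk.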
@@ -851,6 +857,7 @@
 {
 	char buf1[1024];
 	char buf2[1024];
+	char *buf3;
 	char *fp_fmt[] = {
 		"%1.1f",
 		"%-1.5f",
@@ -959,6 +966,20 @@
 		}
 	}
 
+#define BUFSZ 2048
+
+	if ((buf3 = malloc(BUFSZ)) == NULL) {
+		fail++;
+	} else {
+		num++;
+		memset(buf3, 'a', BUFSZ);
+		snprintf(buf1, sizeof(buf1), "%.*s", 1, buf3);
+		if (strcmp(buf1, "a") != 0) {
+			printf("length limit buf1 '%s' expected 'a'\n", buf1);
+			fail++;
+		}
+	}
+
 	printf ("%d tests failed out of %d.\n", fail, num);
 
 	printf("seeing how many digits we support\n");
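Review bot: The added `%.*s` test cannot fail on an ordinary allocator, because an over-read past the unterminated `buf3` still leaves "a" in `buf1`; it catches a regression only when the read faults, that is under a guard-page malloc or a memory checker. A comment on the block should say so, e.g. `/* buf3 is deliberately not NUL-terminated: an over-read shows up only as a fault under a guard-page malloc or memory checker */`. `buf3` is also not freed anywhere in the hunk; unless that happens further down, add `free(buf3);` at the end of the `else` branch. `BUFSZ` is defined mid-function and not undefined in the visible lines, so an `#undef BUFSZ` after the block would keep it from leaking into the rest of the file. The function continues outside the hunk.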


