Hosting Provided By

Patch for utility.c in telnetd..

From: Adrian Chadd <adrian(at)cougar.aceonline.com.au>
Date: Thu Feb 20 1997 - 05:11:57 EST

Here is a patch for a couple of blantantly obvious (to me) possible buffer overflow problems. From what I could see from the source, putstr() isn't used for anything bigger than BUFSIZ, so thats my assumption. If anyone thinks I should, I can change it to accept a maxlength parameter. Try it out, tell me if ity works or not, and if its any use at all.

Cya.

--
Adrian Chadd			|	Windows 95 - the XT emulator for
		|	 your 486 and above!
				|	Being superstitious is bad luck.


diff - utility.c


396a397


> 	int index = 0;


398c399,403
< 	while (*s)
---

> 	while (*s) {

> 		index++;

> 		if (index > BUFSIZ) {

> 			err(1,"putstr(): overflow in string length.\n");


> 		}

399a405

> 	}

427c433,435
< 	char db[100];
---

> 	char db[BUFSIZ];


> 	int index;


> 
441a450


> 	index = 0;


444,445c453,463
< 			putchr(*cp++);
< 			continue;
---

> 			if (index > BUFSIZ) {

> 				err(1, "putf() : overflow in while (*cp)\n");

> 			} else {

> 				putchr(*cp++);

> 				index++;

> 				continue;

> 			}

> 		}

> 		index++;

> 		if (index > BUFSIZ) {


> 			err(1, "putf() : overflow in switch (*+cpp)\n");

Received on Thu Feb 20 02:11:49 1997

This message: [ Message body ]
Next message: Adrian Chadd: "Re : util.c patch whoops.."
Previous message: Adrian Chadd: "Re : Telnetd."
Next in thread: David Nugent: "Re: Patch for utility.c in telnetd."
Reply: David Nugent: "Re: Patch for utility.c in telnetd."
Reply: Adrian Chadd: "Re : util.c patch whoops.."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:41:04 EDT