Buffer overflow in disklabel
Sebastian Ssmoller
sebastian.ssmoller at gmx.net
Sun Apr 20 01:30:39 PDT 2003
Sorry. Seem to have a problem with my email client :-( Hope the
attachment is now there...
seb
On Sun, 2003-04-20 at 10:16, Sebastian Ssmoller wrote:
> Hi,
> I attached a patch for that problem. Can someone have a look at it?
>
> But one thing is still unclear to me: Why do we need an 8k buffer for the
> disk name?
>
> seb
>
> On Sun, 2003-04-20 at 05:23, Kris Kennaway wrote:
> > Run the following under /bin/sh (not tcsh, which - still! - has a bug
> > that causes the command to hang tcsh):
> >
> > # disklabel `perl -e 'print "a"x51200'`
> > Segmentation fault (core dumped)
> >
> > The responsible code is:
> >
> >     dkname = argv[0];
> >     if (dkname[0] != '/') {
> >         (void)sprintf(np, "%s%s%c", _PATH_DEV, dkname, 'a' + RAW_PART);
> >         specname = np;
> >         np += strlen(specname) + 1;
> >     } else
> >         specname = dkname;
> >     f = open(specname, op == READ ? O_RDONLY : O_RDWR);
> >     if (f < 0 && errno == ENOENT && dkname[0] != '/') {
> >         (void)sprintf(specname, "%s%s", _PATH_DEV, dkname);
> >         np = namebuf + strlen(specname) + 1;
> >         f = open(specname, op == READ ? O_RDONLY : O_RDWR);
> >     }
> >
> > i.e. overflowing an 8k buffer. Does anyone feel like fixing it?
> >
> > Kris
>
> ----
>
> _______________________________________________
> freebsd-audit at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-audit
> To unsubscribe, send any mail to "freebsd-audit-unsubscribe at freebsd.org"
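
A bounded version of the path construction quoted above, added here as an example; it is not the patch attached to this message (which is not shown on this page) and not FreeBSD's code. The helper `build_specname` and the constants `EX_PATH_DEV` and `EX_RAW_PART` are hypothetical stand-ins with assumed values for `_PATH_DEV` and `RAW_PART`.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the system macros in the quoted code (assumed values). */
#define EX_PATH_DEV "/dev/"
#define EX_RAW_PART 2

/*
 * Build the device path for dkname into buf without writing past buflen.
 * with_part != 0 appends the raw-partition letter (first sprintf() in the
 * quoted code); with_part == 0 mirrors the ENOENT fallback.
 * Returns the path length, or -1 with errno = ENAMETOOLONG if it won't fit.
 */
int
build_specname(char *buf, size_t buflen, const char *dkname, int with_part)
{
	int n;

	if (dkname[0] == '/')
		n = snprintf(buf, buflen, "%s", dkname);
	else if (with_part)
		n = snprintf(buf, buflen, "%s%s%c", EX_PATH_DEV, dkname,
		    'a' + EX_RAW_PART);
	else
		n = snprintf(buf, buflen, "%s%s", EX_PATH_DEV, dkname);

	/* snprintf returns the length it needed; >= buflen means truncated. */
	if (n < 0 || (size_t)n >= buflen) {
		if (buflen > 0)
			buf[0] = '\0';
		errno = ENAMETOOLONG;
		return -1;
	}
	return n;
}

int main(void)
{
	static char longname[51200 + 1];	/* constructed: 51200 x 'a' */
	char namebuf[8192];			/* 8k, as in the thread */

	memset(longname, 'a', sizeof(longname) - 1);
	if (build_specname(namebuf, sizeof(namebuf), longname, 1) < 0)
		perror("disk name");	/* rejected instead of overflowing */
	if (build_specname(namebuf, sizeof(namebuf), "da0", 1) > 0)
		puts(namebuf);
	return 0;
}
```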