diff options
author | Ralf Baechle <ralf@linux-mips.org> | 2021-07-28 12:54:11 +0200 |
---|---|---|
committer | Ralf Baechle <ralf@linux-mips.org> | 2021-07-28 12:54:11 +0200 |
commit | 27de2c769e20b0d056131442c5a2873a73f42bdc (patch) | |
tree | 5ae6be01cd8c468a3a499df26f0c49fb6aae85f6 /ax25ipd/ax25ipd.conf.man | |
parent | f2f7b4dde15c553627a85e2d13f2612552994188 (diff) |
listen: Fix potential buffer overflow.
Sounds evil but would only be exploitable when getservbyport is accessing
a database that's under an attacker's control. The /etc/services file
shipping with Fedora 34 has entries of a maximum length of 15 characters
so are just fine.
Fixed by not copying the string returned by getservbyport - which also is
faster. At that point it becomes possible to reduce the length of str[]
to 6 bytes.
Found by the following GCC 11 warning:
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -Wall -MT utils.o -MD -MP -MF .deps/utils.Tpo -c -o utils.o utils.c
utils.c: In function ‘servname’:
utils.c:124:17: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
124 | strncpy(str, serv->s_name, 16);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Diffstat (limited to 'ax25ipd/ax25ipd.conf.man')
0 files changed, 0 insertions, 0 deletions