diff options
| author | Ralf Baechle <ralf@linux-mips.org> | 2017-07-26 15:02:11 +0200 |
|---|---|---|
| committer | Ralf Baechle <ralf@linux-mips.org> | 2017-07-26 15:02:11 +0200 |
| commit | a22228bb73ede989c4e640b4bd70483a3c0d768c (patch) | |
| tree | 40f3225b13b11efc2759c5acca92d1acb13c36a3 | |
| parent | 91d0e0e4597c5ed341ae56ea52dec679230683d4 (diff) | |
kissnetd: Fix possible buffer overflow.
When printing an error message for configurations using particularly
long file names a buffer overflow may occur potencially resulting in
malfunction or crash.
This fixes the following GCC 7.1.1 warnings:
gcc -DHAVE_CONFIG_H -I. -I.. -D_GNU_SOURCE -DAX25_SYSCONFDIR=\""/usr/local/etc/ax25/"\" -DAX25_LOCALSTATEDIR=\""/us
r/local/var/ax25/"\" -g -O2 -Wall -MT kissnetd.o -MD -MP -MF .deps/kissnetd.Tpo -c -o kissnetd.o kissnetd.c
kissnetd.c: In function ‘main’:
kissnetd.c:124:38: warning: ‘%s’ directive writing up to 4095 bytes into a region of size 66 [-Wformat-overflow=]
sprintf(MyString, "cannot reopen %s", PortList[PortNumber]->Name);
^~
kissnetd.c:124:5: note: ‘sprintf’ output between 15 and 4110 bytes into a destination of size 80
sprintf(MyString, "cannot reopen %s", PortList[PortNumber]->Name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kissnetd.c:143:49: warning: ‘%s’ directive writing up to 4095 bytes into a region of size 55 [-Wformat-overflow=]
sprintf(MyString, "Cannot unlock pts-device %s\n", PortList[PortNumber]->namepts);
^~
kissnetd.c:143:5: note: ‘sprintf’ output between 27 and 4122 bytes into a destination of size 80
sprintf(MyString, "Cannot unlock pts-device %s\n", PortList[PortNumber]->namepts);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kissnetd.c:154:50: warning: ‘%s’ directive writing up to 4095 bytes into a region of size 54 [-Wformat-overflow=]
sprintf(MyString, "cannot reopen ptmx (slave %s).", PortList[PortNumber]->namepts);
^~
kissnetd.c:154:5: note: ‘sprintf’ output between 29 and 4124 bytes into a destination of size 80
sprintf(MyString, "cannot reopen ptmx (slave %s).", PortList[PortNumber]->namepts);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| -rw-r--r-- | kiss/kissnetd.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/kiss/kissnetd.c b/kiss/kissnetd.c index e8448ef..abf9ee9 100644 --- a/kiss/kissnetd.c +++ b/kiss/kissnetd.c @@ -106,7 +106,8 @@ static void NewPort(char *Name) static void ReopenPort(int PortNumber) { - char MyString[80]; + char MyString[28 + PATH_MAX]; + PortList[PortNumber]->TimeLastOpen = time(NULL); if (VerboseMode) { |