diff options
author | Thomas Osterried <ax25@x-berg.in-berlin.de> | 2015-04-09 20:39:41 +0200 |
---|---|---|
committer | Ralf Baechle <ralf@linux-mips.org> | 2015-05-01 23:55:41 +0200 |
commit | 51c13129a416762143ecd0ff431e250a8a354282 (patch) | |
tree | d2f659761de859aeb7b0586c9452198ede15c20a /ax25 | |
parent | 5b7845fbd7e220e0fae0dede75df1bc934b2efe0 (diff) |
Signed-off-by: Thomas Osterried <ax25@x-berg.in-berlin.de>
Security patch submitted by Jaroslav Skarvada <jskarvad@redhat.com>
Netrom and ROSE Addresses are copied to Node.
Room was enough for Netrom, but rose addresses returned by rose_ntoa()
are one byte longer (a 10 bytes string plus null-termination) which lead
to an buffer overflow.
Diffstat (limited to 'ax25')
-rw-r--r-- | ax25/ax25d.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ax25/ax25d.c b/ax25/ax25d.c index 730ca49..899e04e 100644 --- a/ax25/ax25d.c +++ b/ax25/ax25d.c @@ -185,7 +185,7 @@ struct axlist { /* Have used same struct for quickness */ static struct axlist *AXL = NULL; static char *ConfigFile = CONF_AX25D_FILE; static char User[10]; /* Room for 'GB9ZZZ-15\0' */ -static char Node[10]; /* Room for 'GB9ZZZ-15\0' */ +static char Node[11]; /* Room for 'GB9ZZZ-15\0' (NETROM) and 10 bytes ROSE '6505551234\0' */ static char myAX25Name[10]; /* Room for 'GB9ZZZ-15\0' */ static char *Port; static int Logging = FALSE; |