From 51c13129a416762143ecd0ff431e250a8a354282 Mon Sep 17 00:00:00 2001
From: Thomas Osterried <ax25@x-berg.in-berlin.de>
Date: Thu, 9 Apr 2015 20:39:41 +0200
Subject: Signed-off-by: Thomas Osterried <ax25@x-berg.in-berlin.de>

Security patch submitted by Jaroslav Skarvada <jskarvad@redhat.com>

Netrom and ROSE Addresses are copied to Node.
Room was enough for Netrom, but rose addresses returned by rose_ntoa()
are one byte longer (a 10 bytes string plus null-termination) which lead
to an buffer overflow.
---
 ax25/ax25d.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ax25')

diff --git a/ax25/ax25d.c b/ax25/ax25d.c
index 730ca49..899e04e 100644
--- a/ax25/ax25d.c
+++ b/ax25/ax25d.c
@@ -185,7 +185,7 @@ struct axlist {		/* Have used same struct for quickness */
 static struct axlist *AXL	= NULL;
 static char *ConfigFile		= CONF_AX25D_FILE;
 static char User[10];				/* Room for 'GB9ZZZ-15\0' */
-static char Node[10];				/* Room for 'GB9ZZZ-15\0' */
+static char Node[11];				/* Room for 'GB9ZZZ-15\0' (NETROM) and 10 bytes ROSE '6505551234\0' */
 static char myAX25Name[10];			/* Room for 'GB9ZZZ-15\0' */
 static char *Port;
 static int Logging		= FALSE;
-- 
cgit v1.2.3