From a22228bb73ede989c4e640b4bd70483a3c0d768c Mon Sep 17 00:00:00 2001 
From: Ralf Baechle Date: Wed, 26 Jul 2017 15:02:11 +0200 Subject: kissnetd: Fix possible buffer overflow. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When printing an error message for configurations using particularly long file names a buffer overflow may occur potentially resulting in malfunction or crash. This fixes the following GCC 7.1.1 warnings: gcc -DHAVE_CONFIG_H -I. -I.. -D_GNU_SOURCE -DAX25_SYSCONFDIR=\""/usr/local/etc/ax25/"\" -DAX25_LOCALSTATEDIR=\""/us r/local/var/ax25/"\" -g -O2 -Wall -MT kissnetd.o -MD -MP -MF .deps/kissnetd.Tpo -c -o kissnetd.o kissnetd.c kissnetd.c: In function ‘main’: kissnetd.c:124:38: warning: ‘%s’ directive writing up to 4095 bytes into a region of size 66 [-Wformat-overflow=] sprintf(MyString, "cannot reopen %s", PortList[PortNumber]->Name); ^~ kissnetd.c:124:5: note: ‘sprintf’ output between 15 and 4110 bytes into a destination of size 80 sprintf(MyString, "cannot reopen %s", PortList[PortNumber]->Name); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kissnetd.c:143:49: warning: ‘%s’ directive writing up to 4095 bytes into a region of size 55 [-Wformat-overflow=] sprintf(MyString, "Cannot unlock pts-device %s\n", PortList[PortNumber]->namepts); ^~ kissnetd.c:143:5: note: ‘sprintf’ output between 27 and 4122 bytes into a destination of size 80 sprintf(MyString, "Cannot unlock pts-device %s\n", PortList[PortNumber]->namepts); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kissnetd.c:154:50: warning: ‘%s’ directive writing up to 4095 bytes into a region of size 54 [-Wformat-overflow=] sprintf(MyString, "cannot reopen ptmx (slave %s).", PortList[PortNumber]->namepts); ^~ kissnetd.c:154:5: note: ‘sprintf’ output between 29 and 4124 bytes into a destination of size 80 sprintf(MyString, "cannot reopen ptmx (slave %s).", PortList[PortNumber]->namepts); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Signed-off-by: Ralf Baechle
---
 kiss/kissnetd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'kiss')
diff --git a/kiss/kissnetd.c b/kiss/kissnetd.c
index e8448ef..abf9ee9 100644
--- a/kiss/kissnetd.c
+++ b/kiss/kissnetd.c
@@ -106,7 +106,8 @@ static void NewPort(char *Name)
 static void ReopenPort(int PortNumber)
 {
- char MyString[80];
+ char MyString[28 + PATH_MAX];
+ PortList[PortNumber]->TimeLastOpen = time(NULL);
 if (VerboseMode) {
-- 
cgit v1.2.3
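Review bot: `char MyString[28 + PATH_MAX];` enlarges the destination but leaves the writes unbounded: the three `sprintf()` calls quoted in the commit message (kissnetd.c lines 124, 143 and 154, in the part of ReopenPort that lies outside this hunk) still copy `Name` / `namepts` with a bare `%s`. Going by GCC's own figures the longest output is 4124 bytes, which is exactly 28 + PATH_MAX if PATH_MAX is 4096, so the buffer has no slack and the constant 28 silently encodes the length of the longest message text, "cannot reopen ptmx (slave %s).". Bounding each write at the call, e.g. `snprintf(MyString, sizeof(MyString), "cannot reopen %s", PortList[PortNumber]->Name);`, would turn a later rewording or a longer name field into truncation instead of a stack overwrite. If the sizing stays as is, a comment on the declaration such as `/* 28 = fixed text of the longest message below; the name (at most PATH_MAX - 1 bytes) and the NUL account for PATH_MAX */` would keep the dependency visible. The hunk adds no include for `PATH_MAX`, so presumably `<limits.h>` is already pulled in elsewhere in the file; that is worth confirming.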