[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bad use of memcpy in ospf6d
From: |
Anil Madhavapeddy |
Subject: |
Re: bad use of memcpy in ospf6d |
Date: |
Fri, 20 Jun 2003 14:23:41 +0100 |
User-agent: |
Mutt/1.4.1i |
Hi Paul,
I'm not sure if one of my earlier submissions (from April) was
picked up or not ... it's in the OpenBSD CVS repository here, and
fixes some more buffer boundaries. I didn't see it in zebra anoncvs.
http://www.openbsd.org/cgi-bin/cvsweb.cgi/ports/net/zebra/patches/patch-lib_sockunion_c?rev=1.1
cheers,
Anil
On Thu, Jun 19, 2003 at 03:16:34AM +0100, Paul Jakma wrote:
> Hi Anil,
>
> Thanks for that.
>
> --paulj
>
> On Thu, 19 Jun 2003, Anil Madhavapeddy wrote:
>
> > Hi, noticed this during an OpenBSD security audit against zebra-0.93a.
> > Using memcpy here will copy a load of unwanted stuff into src_name.
> >
> > --- ospf6d/ospf6_message.c.orig Wed Jun 18 03:00:14 2003
> > +++ ospf6d/ospf6_message.c Thu Jun 19 02:18:41 2003
> > @@ -1421,7 +1421,7 @@ ospf6_message_send (unsigned char type,
> > if (o6i->lladdr)
> > inet_ntop (AF_INET6, o6i->lladdr, src_name, sizeof (src_name));
> > else
> > - memcpy (src_name, "Unknown", sizeof (src_name));
> > + strcpy (src_name, "Unknown");
> > zlog_info ("Send %s on %s",
> > ospf6_message_type_string[type], o6i->interface->name);
> > zlog_info (" %s -> %s", src_name, dst_name);
> >
> >
>
> --
> Paul Jakma address@hidden address@hidden Key ID: 64A2FF6A
> warning: do not ever send email to address@hidden
> Fortune:
> "Necessity is the mother of invention" is a silly proverb. "Necessity
> is the mother of futile dodges" is much nearer the truth.
> -- Alfred North Whitehead
>
--
Anil Madhavapeddy http://anil.recoil.org
University of Cambridge http://www.cl.cam.ac.uk