[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gcc4 compilation error
|
From: |
Jeff Sheltren |
|
Subject: |
Re: gcc4 compilation error |
|
Date: |
Wed, 06 Apr 2005 10:04:09 -0700 |
|
User-agent: |
Microsoft-Entourage/11.0.0.040405 |
By the way, I just found one more when using 'cfenvd':
--- src/cfenvd.c 2004-09-21 01:08:53.000000000 -0700
+++ src/cfenvd.c.fc4 2005-04-06 09:59:33.000000000 -0700
@@ -280,7 +280,7 @@
sprintf(VBUFF,"%s/state/cf_users",CFWORKDIR);
CreateEmptyFile(VBUFF);
-snprintf(AVDB,CF_BUFSIZE,"%s/state/%s",CFWORKDIR,CF_AVDB_FILE);
+snprintf(AVDB,1024,"%s/state/%s",CFWORKDIR,CF_AVDB_FILE);
snprintf(STATELOG,CF_BUFSIZE,"%s/state/%s",CFWORKDIR,CF_STATELOG_FILE);
snprintf(ENV_NEW,CF_BUFSIZE,"%s/state/%s",CFWORKDIR,CF_ENVNEW_FILE);
snprintf(ENV,CF_BUFSIZE,"%s/state/%s",CFWORKDIR,CF_ENV_FILE);
-Jeff
On 4/6/05 9:50 AM, "Jeff Sheltren" <address@hidden> wrote:
> Hi Mark, I did some more checking, and it looks like there is a possible
> buffer overflow there (and I found a few others after that was fixed). The
> good news is, after changing a few snprintf calls to have a more appropriate
> buffer size, cfagent is now running fine. I'm attaching a patch which makes
> the changes, although it currently uses a hardcoded '1024', which would be
> better to change to some constant defined elsewhere. For example, the one I
> wrote about was line 52 of crypto.c:
> snprintf(AVDB,CF_BUFSIZE,"%s/%s",CFWORKDIR,CF_AVDB_FILE);
>
> AVDB is defined as 'char AVDB[1024]', but CF_BUFSIZE is 4096 (as is
> CFWORKDIR), so a buffer overflow is possible there. Changing the snprintf
> call to use 1024 as the buffer size (since that is the size of AVDB) works
> great:
> snprintf(AVDB,1024,"%s/%s",CFWORKDIR,CF_AVDB_FILE);
>
> There were two others that I found after that was fixed (see the patch).
> There may be more, but after fixing those I was able to do a clean run of
> cfagent in my environment.
>
> -Jeff