[bug-inetutils] Hi dee Ho list!

From: Maz The Northener
Subject: [bug-inetutils] Hi dee Ho list!
Date: Wed, 30 Dec 2009 02:12:31 +0200

Hi dee Ho list!

Tonight was one of these nights. I was staring at the computer screen,
knowing that I have dozens of things I should do - but felt like doing
none of those. I bet most of us have had such moments.

So I decided to download sources for a random GNU package, and just
browse some code trying to find a bug. Do not judge me as being a nasty,
destructive bastard, I just try to possibly eliminate one problem from
the future.

Well, I opened the libtelnet/shishi.c file - it sounded like fun. (I've no
idea what shishi is, it sounds like something I could drink :D ) and
at line 591 I saw it. (sources taken from git just a few moments ago).

Function krb5shishi_printsub(). (I have no idea where this is called
from, and thus I have no idea if we really have a bug here, or just
something my eye caught as a peculiar thing).

Here it is:

  p = req_type_str (data[3]);
  if (!p)
    {
      int l = snprintf (buf, buflen, " %d (unknown)", data[3]);
      buf += l;
      buflen -= l;
    }

and buf is a char pointer (buffer) coming from arguments, buflen is an
int, also coming from arguments.

What we do not do here is check the return value from snprintf (e.g.
if the supplied buffer was large enough). Then we advance the buf pointer
by the amount of the returned value etc.

If the supplied buffer was not long enough, snprintf probably returns the
length that would have been needed to fit the text in the buffer. So after
the increment, buf will point beyond the supplied buffer's boundaries.
But as I stated, I do not know the context this thing is sitting in,
so I cannot say if this is a problem or not. But I assume it is
possible the data written by snprintf can exceed size of the buffer -
otherwise I would probably see just sprintf here?

Anyways, now I managed to spend my free time without actually doing
things I should've been doing, so I guess I may just as well stop
bothering you. :]

Thank you for all the great work you do, and keep things going mates :]
I will keep watching this list from now on :)


When you feel blue, no one sees your tears... When you're down, no one
understands your struggle...
When you feel happy, no one notices your smile...
But fart just once...
I would love to create a freeware game with C - unless I was working at NSN.
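
The return-value check the message asks about, as an added example that is not part of the original post or of the inetutils sources. `struct outbuf`, `outbuf_printf` and `unchecked_remaining` are hypothetical names, and the 8-byte buffer is constructed to force truncation.

```c
#include <stdarg.h>
#include <stdio.h>

/* Cursor over a caller-supplied buffer (hypothetical helper type). */
struct outbuf {
    char  *p;     /* next write position */
    size_t left;  /* bytes remaining, including room for the NUL */
};

/* The unchecked arithmetic from the message: returns buflen after
 * "buflen -= l". A negative int becomes a huge size_t on the next call. */
static int unchecked_remaining(char *buf, int buflen, int value)
{
    int l = snprintf(buf, (size_t)buflen, " %d (unknown)", value);
    return buflen - l;
}

/* Checked append: 0 on success, -1 on truncation or error. The cursor
 * never moves past the last byte of the buffer. */
static int outbuf_printf(struct outbuf *ob, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (ob->left == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(ob->p, ob->left, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;                 /* output error */
    if ((size_t)n >= ob->left) {   /* n is the length that was needed */
        ob->p += ob->left - 1;     /* park on the NUL vsnprintf wrote */
        ob->left = 1;
        return -1;
    }
    ob->p += n;
    ob->left -= (size_t)n;
    return 0;
}

int main(void)
{
    char small[8];                 /* constructed: too small for the text */
    struct outbuf ob = { small, sizeof small };
    int rc = outbuf_printf(&ob, " %d (unknown)", 200);
    printf("checked: rc=%d left=%zu\n", rc, ob.left);
    printf("unchecked buflen: %d\n", unchecked_remaining(small, 8, 200));
    return 0;
}
```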
