From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Wed, 28 Nov 2007 13:34:38 +0300 From: Alexey Tourbin To: ALT Linux Team development discussions Message-ID: <20071128103438.GP361@solemn.turbinal> Mail-Followup-To: ALT Linux Team development discussions References: <20071125211632.GC30421@basalt.office.altlinux.org> <20071126085538.GB13915@mw.local.seiros.ru> <474C3898.6090500@sandy.ru> <20071127154518.GM11953@basalt.office.altlinux.org> <75e139a00711272256i770bd25ci550debea6f99b693@mail.gmail.com> <474D2CED.30401@sandy.ru> <474D3678.508@altlinux.org> <474D3B92.6020908@sandy.ru> <20071128100457.GO361@solemn.turbinal> <474D4136.20706@sandy.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wrbiW19WTymQQzps" Content-Disposition: inline In-Reply-To: <474D4136.20706@sandy.ru> Subject: Re: [devel] IA: destination buffer overflow - ppp X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Nov 2007 10:34:39 -0000 Archived-At: List-Archive: List-Post: --wrbiW19WTymQQzps Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 28, 2007 at 01:21:42PM +0300, Dmitriy Khanzhin wrote: > Alexey Tourbin =D0=C9=DB=C5=D4: > > On Wed, Nov 28, 2007 at 12:57:38PM +0300, Dmitriy Khanzhin wrote: > > =F7=D9 =DE=D4=CF =D3=C4=C5=CC=C1=D4=D8-=D4=CF =C8=CF=D4=C9=D4=C5? =FE= =D4=CF=C2=D9 gcc =CE=C5 =D7=D9=C4=C1=D7=C1=CC warning? >=20 > =F1 =C8=CF=DE=D5 =D0=CF=CE=D1=D4=D8, =CB=C1=CB =CF=CE=CF =D2=C1=C2=CF=D4= =C1=C5=D4, =C9 =D3=C4=C5=CC=C1=D4=D8, =DE=D4=CF=C2=D9 =CE=C5 =C2=D9=CC=CF w= arning'=C1 =C9 > =DE=D4=CF-=C2=D9 =D2=C1=C2=CF=D4=C1=CC=CF. =F7=D9 =CE=C5 =D2=D5=C2=C9=D4=C5. =F0=CF=DE=C9=D4=C1=CA=D4=C5 =CB=CE=C9=D6= =CB=D5 =CE=C1=DA=D9=D7=C1=C5=D4=D3=D1 "=F3=C9" =C1=D7=D4=CF=D2=D9 =EB=C5=D2= =CE=C9=C7=C1=CE =C9 =F2=C9=D4=DE=C9. > > =EB=CF=D2=CF=DE=C5 =CC=D5=DE=DB=C5 =C9=D3=D0=CF=CC=D8=DA=D5=CA=D4=C5 sn= printf, =D4=C1=CD =CF=DB=C9=C2=C9=D4=D8=D3=D1 =D3=CC=CF=D6=CE=C5=C5 =DE=D4= =CF =CB =DE=C5=CD=D5. > >=20 > > =EE=CF snprintf =DC=D4=CF =C9=CE=D4=C5=D2=D0=D2=C5=D4=C1=D4=CF=D2, =D4= =C5=D2=D1=C5=D4=D3=D1 =FC=E6=E6=E5=EB=EB=F4=E9=F7=EE=EF=F3=F4=F8 =EB=EF=E4= =E1!! > >=20 > =F0=C1=D4=DE =D3 =D0=D2=C9=CD=C5=CE=C5=CE=C9=C5=CD snprintf =D1 =D0=CF=CB= =C1=DA=D9=D7=C1=CC =D7=DE=C5=D2=C1 > http://lists.altlinux.org/pipermail/devel/attachments/20071127/72869196/a= ttachment.ksh > --- ppp-2.4.4/pppd/plugins/radius/clientid.c.orig 2007-09-29 16:38:= 20 +0400 =20 > +++ ppp-2.4.4/pppd/plugins/radius/clientid.c 2007-11-27 09:08:24 +0300= =20 > @@ -104,18 +104,29 @@ = =20 > UINT4 rc_map2id(char *name) = =20 > { = =20 > struct map2id_s *p; = =20 > - char ttyname[PATH_MAX]; = =20 > + char *ttyname; = =20 > + int ttyname_len=3D0; = =20 > + char prefix_dev[6]; = =20 > = =20 > - *ttyname =3D '\0'; = =20 > - if (*name !=3D '/') = =20 > - strcpy(ttyname, "/dev/"); = =20 > - = =20 > - strncat(ttyname, name, sizeof(ttyname)); = =20 > + *prefix_dev =3D ""; = =20 > + ttyname_len =3D strlen(name)+1; = =20 > + = =20 > + if (*name !=3D '/') { = =20 > + *prefix_dev =3D "/dev/"; = =20 =EE=C5 =C2=C5=D2=C9=D4=C5=D3=D8, =CE=C5 =C2=C5=D2=C9=D4=C5=D3=D8, =CE=C5 = =C2=C5=D2=C9=D4=C5=D3=D8 =DA=C1 =D4=CF =DE=C5=C7=CF =F7=D9 =CE=C5 =D0=CF=CE= =C9=CD=C1=C5=D4=C5. > + ttyname_len =3D ttyname_len+strlen(prefix_dev); = =20 > + } = =20 > + = =20 > + ttyname =3D calloc(ttyname_len, sizeof(char)); = =20 > + snprintf(ttyname, ttyname_len, "%s%s", prefix_dev, name); = =20 > = =20 > for(p =3D map2id_list; p; p =3D p->next) = =20 > - if (!strcmp(ttyname, p->name)) return p->id; = =20 > + if (!strcmp(ttyname, p->name)) { = =20 > + free(ttyname); = =20 > + return p->id; = =20 > + } = =20 > = =20 > warn("rc_map2id: can't find tty %s in map database", ttyname); = =20 > = =20 > + free(ttyname); = =20 > return 0; = =20 > } = =20 --wrbiW19WTymQQzps Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHTUQ+fBKgtDjnu0YRArI2AJ9lCNVKVU2fJm9M3Qb1v7E2ebeBNgCggBC2 pwOFKtu2nc+XP2AU4AECJLY= =YLyA -----END PGP SIGNATURE----- --wrbiW19WTymQQzps--