From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Wed, 28 Nov 2007 23:58:26 +0300 From: "Dmitry V. Levin" To: ALT Linux Team development discussions Message-ID: <20071128205826.GA31465@nomad.office.altlinux.org> Mail-Followup-To: ALT Linux Team development discussions References: <20071125120814.GA22522@basalt.office.altlinux.org> <20071125195520.GS28492@osdn.org.ua> <20071125211632.GC30421@basalt.office.altlinux.org> <20071126085538.GB13915@mw.local.seiros.ru> <474C3898.6090500@sandy.ru> <20071127154518.GM11953@basalt.office.altlinux.org> <75e139a00711272256i770bd25ci550debea6f99b693@mail.gmail.com> <20071128113328.GD32244@basalt.office.altlinux.org> <679044850711280500x4213b54dk16d70e820595622b@mail.gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0" Content-Disposition: inline In-Reply-To: <679044850711280500x4213b54dk16d70e820595622b@mail.gmail.com> X-fingerprint: FE4C 93AB E19A 2E4C CB5D 3E4E 7CAB E6AC 9E35 361E Subject: Re: [devel] IA: destination buffer overflow - ppp X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Nov 2007 20:58:27 -0000 Archived-At: List-Archive: List-Post: --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 28, 2007 at 04:00:59PM +0300, Damir Shayhutdinov wrote: > > > 2007/11/27, Dmitry V. Levin : > > > > On Tue, Nov 27, 2007 at 06:32:40PM +0300, Dmitriy Khanzhin wrote: > > > > > - strncat(ttyname, name, sizeof(ttyname)); > > > > > > + strncat(ttyname, name, sizeof(ttyname)-1); > > > > > > > =E1=D7=D4=CF=D2 =DC=D4=CF=C7=CF =CB=CF=C4=C1 =CE=C5 =D3=D0=D2=C1=D7= =C9=CC=D3=D1 =D3 =C6=D5=CE=CB=C3=C9=C5=CA strncat. > > > > =E9=D3=D0=D2=C1=D7=CC=C5=CE=C9=C5 =D4=D2=C9=D7=C9=C1=CC=D8=CE=CF. > > > > > > =E6=C9=CB=D3 =C4=CF=CC=D6=C5=CE =C2=D9=D4=D8 =D4=C1=CB=C9=CD (=D3=CD.= =D7=D9=DB=C5)? =E9=CC=C9 =CE=C5=D4? > > > > =E4=C1, =D4=C1=CB=C9=CD. > =F1 =DE=C5=D3=D4=CE=CF =C7=CF=D7=CF=D2=D1 =CE=C5=DE=C1=D3=D4=CF =D0=CF=CC= =D8=DA=D5=C0=D3=D8 strncat, =CE=CF =D2=C1=DA=D7=C5 =D4=D2=C5=D4=C9=CA =D0= =C1=D2=C1=CD=C5=D4=D2 > =CF=DA=CE=C1=DE=C1=C5=D4 =D2=C1=DA=CD=C5=D2 =C2=D5=C6=C5=D2=C1 dest? =E5= =D3=CC=C9 =D7=C5=D2=C9=D4=D8 =D3=D4=C1=CE=C4=C1=D2=D4=D5 C, =CF=CE =CF=DA= =CE=C1=DE=C1=C5=D4 > =CD=C1=CB=D3=C9=CD=C1=CC=D8=CE=CF=C5 =CB=CF=CC=C9=DE=C5=D3=D4=D7=CF =D3= =C9=CD=D7=CF=CC=CF=D7 =C9=DA src, =CB=CF=D4=CF=D2=CF=C5 =C2=D5=C4=C5=D4 =D0= =D2=C9=CB=CC=C5=C5=CE=CF =CB > dest. =F3=CC=C5=C4=CF=D7=C1=D4=C5=CC=D8=CE=CF, strncat(ttyname, name, siz= eof(ttyname)-1) =D3=C4=C5=CC=C1=C5=D4 > =D3=CC=C5=C4=D5=C0=DD=C5=C5 - =CB =D4=CF=CD=D5 =DE=D4=CF =D5=D6=C5 =C9=CD= =C5=C5=D4=D3=D1 =D7 ttyname, =C4=CF=C2=C1=D7=C9=D4 =C5=DD=C5 =CD=C1=CB=D3= =C9=CD=D5=CD > sizeof(ttyname) - 1 =C2=C1=CA=D4. =F1=D7=CE=CF=C5 =D6=C5 =D0=C5=D2=C5=D0= =CF=CC=CE=C5=CE=C9=C5 =C2=D5=C4=C5=D4, =CE=C1 > strlen(ttyname) =D0=C5=D2=C5=C4 strncat. =EB=CF=CE=C5=DE=CE=CF. =EF=C2=DD=C1=D1 =C9=C4=C5=D1 =D4=C1=CB=C1=D1: - =E5=D3=CC=C9 =D7=D9 =D7=C9=C4=C9=D4=C5 =D7 =CB=CF=C4=C5 strncat(to,from,s= izeof to), =D4=CF =DC=D4=CF =D4=CF=DE=CE=CF =CF=DB=C9=C2=CB=C1, =D7=CE=C5 =DA=C1=D7=C9=D3=C9=CD=CF=D3=D4=C9 =CF=D4 =CF=D3=D4=C1=CC=D8=CE=CF= =C7=CF =CB=CF=CE=D4=C5=CB=D3=D4=C1; =C9=CD=C5=CE=CE=CF =C5=A3 =D0=CF=CA=CD= =C1=CC =CB=CF=CD=D0=C9=CC=D1=D4=CF=D2. - =EB=D2=CF=CD=C5 =D4=CF=C7=CF, =C5=D3=CC=C9 to[0] !=3D '\0', =D4=CF =D7 = =CB=CF=C4=C5 strncat(to,from,sizeof to) =D3=CE=CF=D7=C1 =D0=C5=D2=C5=D0=CF=CC=CE=C5=CE=C9=C5 =CE=C1 strlen(to); =DE= =D4=CF=C2=D9 =DC=D4=CF =D0=D2=CF=D7=C5=D2=C9=D4=D8, =CE=C1=C4=CF =D7=C9=C4= =C5=D4=D8 =CB=CF=CE=D4=C5=CB=D3=D4 =D7=D9=DA=CF=D7=C1 strncat. > =F4=C1=CB =DE=D4=CF =D0=D2=C1=D7=C9=CC=D8=CE=C5=C5 =C2=D5=C4=C5=D4 strnca= t(ttyname, name, sizeof(ttyname) - > strlen(ttyname) - 1, =C9=CC=C9 =D0=D2=CF=D3=D4=CF > strlcat(ttyname, name, sizeof(ttyname)). =EF=C2=DD=C5=C5 =D0=D2=C1=D7=C9=CC=CF, =CE=C1=D7=C5=D2=CE=CF=C5, =D4=C1=CB= =CF=C5: - =C5=D3=CC=C9 =D7 =CB=CF=C4=C5 =CD=CF=D6=CE=CF =C9=D3=D0=CF=CC=D8=DA=CF=D7= =C1=D4=D8 asprintf, =D4=CF =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=D4=D8 asprintf; - =C5=D3=CC=C9 =D7 =CB=CF=C4=C5 =CD=CF=D6=CE=CF =C9=D3=D0=CF=CC=D8=DA=CF=D7= =C1=D4=D8 snprintf, =D4=CF =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=D4=D8 snprintf; - =C5=D3=CC=C9 =D7 =CB=CF=C4=C5 =CD=CF=D6=CE=CF =C9=D3=D0=CF=CC=D8=DA=CF=D7= =C1=D4=D8 strlcat, =D4=CF =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=D4=D8 strlcat; - =C9=CE=C1=DE=C5 =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=D4=D8 strncat; =E8=CF=D4=D1 =C2=D9=D7=C1=C0=D4 =C9 =C9=D3=CB=CC=C0=DE=C5=CE=C9=D1. =F7 =C4=C1=CE=CE=CF=CD =CB=CF=CE=CB=D2=C5=D4=CE=CF=CD =D3=CC=D5=DE=C1=C5: = =CB=CF=C4 ppp =CE=C5 =C9=D3=D0=CF=CC=D8=DA=D5=C5=D4 asprintf, =CE=CF =C9=D3= =D0=CF=CC=D8=DA=D5=C5=D4 strlcat, =D0=CF=DC=D4=CF=CD=D5 =CE=C1=C9=C2=CF=CC=C5=C5 =D0=CF=C4=C8=CF=C4= =D1=DD=C9=CD =C4=CC=D1 upstream'=C1 =C9=DA=CD=C5=CE=C5=CE=C9=C5=CD =C2=D5= =C4=C5=D4 =DA=C1=CD=C5=CE=C9=D4=D8 strncat =CE=C1 strlcat. P.S. =EE=C5 =DA=C1=C2=D5=C4=D8=D4=C5 =CF=D3=DE=C1=D3=D4=CC=C9=D7=C9=D4=D8 u= pstream =D0=C1=D4=DE=C5=CD. --=20 ldv --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHTdZxfKvmrJ41Nh4RAjPeAKCz9s7gCRX0iQZHh8Rf9a61643H+wCgmaK6 rSyRalHqEWVbD4EIl307YV8= =WjGz -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0--