From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-ID: <474C3898.6090500@sandy.ru> Date: Tue, 27 Nov 2007 18:32:40 +0300 From: Dmitriy Khanzhin User-Agent: Thunderbird 2.0.0.6 (X11/20070804) MIME-Version: 1.0 To: ALT Linux Team development discussions References: <20071125120814.GA22522@basalt.office.altlinux.org> <20071125195520.GS28492@osdn.org.ua> <20071125211632.GC30421@basalt.office.altlinux.org> <20071126085538.GB13915@mw.local.seiros.ru> In-Reply-To: <20071126085538.GB13915@mw.local.seiros.ru> X-Enigmail-Version: 0.95.2 Content-Type: multipart/mixed; boundary="------------020404060806080907080802" Subject: Re: [devel] IA: destination buffer overflow - ppp X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Nov 2007 15:37:20 -0000 Archived-At: List-Archive: List-Post: This is a multi-part message in MIME format. --------------020404060806080907080802 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: quoted-printable =C4=E5=ED=E8=F1 =D1=EC=E8=F0=ED=EE=E2 =EF=E8=F8=E5=F2: > On Mon, Nov 26, 2007 at 12:16:32AM +0300, Dmitry V. Levin wrote: >=20 >>> On Sun, Nov 25, 2007 at 03:08:14PM +0300, Dmitry V. Levin wrote: >>>> =C5=F9=B8 =F0=E0=E7 =EE=E1=F0=E0=F2=E8=F2=E5 =E2=ED=E8=EC=E0=ED=E8=E5= , >>>> $ fgrep -l 'will always overflow destination buffer' * >>>> mgetty-1.1.31-alt1.1 >>> =CD=F3 =E8 =F7=B8 =F1 =FD=F2=E8=EC =EF=F0=E5=E4=EB=E0=E3=E0=E5=F2=F1=FF= =E4=E5=EB=E0=F2=FC maintainerus vulgaris? > DVL> =CE=F0=F4=E0=ED=E8=F2=FC =FF =E1=F3=E4=F3 =FD=F2=E8 =EF=E0=EA=E5=F2= =FB, =ED=E5=F3=E6=E5=EB=E8 =ED=E5 =EE=F7=E5=E2=E8=E4=ED=EE =E5=F9=B8? >=20 > =D1 ppp =F7=F3=F2=EE=EA =EF=EE=E4=EE=E6=E4=E8 -- =FF =EF=EE=F1=F2=E0=F0= =E0=FE=F1=FC =ED=E0 =FD=F2=EE=E9 =ED=E5=E4=E5=EB=E5 =F1 =ED=E8=EC =F0=E0=E7= =EE=E1=F0=E0=F2=FC=F1=FF. >=20 =DD=F5, =E0 =EF=EE=EA=E0=E6=F3-=EA=E0 =FF =EE=E1=F9=E5=F1=F2=E2=E5=ED=ED=EE= =F1=F2=E8, =F7=F2=EE =F3 =EC=E5=ED=FF =EF=EE=EB=F3=F7=E8=EB=EE=F1=FC =E4=EB= =FF ppp =E8 =EE=F2=EF=F0=E0=E2=EB=E5=ED=EE =C4=E5=ED=E8=F1=F3 (=EF=F0=E8=E0=F2=F2=E0=F7= =E5=ED=EE). =C5=F1=EB=E8 =ED=E5 =F2=F0=F3=E4=ED=EE- =EA=E0=EA =FD=F2=EE =F1=E4=E5=EB=E0= =F2=FC =EB=F3=F7=F8=E5? --- WBR, jinn. --------------020404060806080907080802 Content-Type: text/plain; name="ppp-2.4.4-alt-fix-overflow-destination-buffer.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ppp-2.4.4-alt-fix-overflow-destination-buffer.patch" --- ppp-2.4.4/pppd/plugins/radius/clientid.c.orig 2007-09-29 16:38:20 +0400 +++ ppp-2.4.4/pppd/plugins/radius/clientid.c 2007-11-27 09:08:24 +0300 @@ -104,18 +104,29 @@ UINT4 rc_map2id(char *name) { struct map2id_s *p; - char ttyname[PATH_MAX]; + char *ttyname; + int ttyname_len=0; + char prefix_dev[6]; - *ttyname = '\0'; - if (*name != '/') - strcpy(ttyname, "/dev/"); - - strncat(ttyname, name, sizeof(ttyname)); + *prefix_dev = ""; + ttyname_len = strlen(name)+1; + + if (*name != '/') { + *prefix_dev = "/dev/"; + ttyname_len = ttyname_len+strlen(prefix_dev); + } + + ttyname = calloc(ttyname_len, sizeof(char)); + snprintf(ttyname, ttyname_len, "%s%s", prefix_dev, name); for(p = map2id_list; p; p = p->next) - if (!strcmp(ttyname, p->name)) return p->id; + if (!strcmp(ttyname, p->name)) { + free(ttyname); + return p->id; + } warn("rc_map2id: can't find tty %s in map database", ttyname); + free(ttyname); return 0; } --------------020404060806080907080802--