Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 19 Jul 2008 22:53:46 GMT
From:      "Pedro F. Giffuni" <pfgshield-freebsd@yahoo.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/125787: print/nenscript prevent buffer overflow
Message-ID:  <200807192253.m6JMrk89099064@www.freebsd.org>
Resent-Message-ID: <200807192300.m6JN06P3074238@freefall.freebsd.org>

Next in thread | Raw E-Mail | Index | Archive | Help

>Number:         125787
>Category:       ports
>Synopsis:       print/nenscript prevent buffer overflow
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jul 19 23:00:06 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Pedro F. Giffuni
>Release:        6.3-Release
>Organization:
>Environment:
FreeBSD kakumen.cable.net.co 6.3-RELEASE FreeBSD 6.3-RELEASE #10: Sat Jan 19 01:
13:55 COT 2008     root@kakumen.cable.net.co:/usr/src/sys/amd64/compile/SMP  amd
64

>Description:
Minimal patch to prevent a buffer overflow. Really minimal, it's not exploitable.
>How-To-Repeat:
Found casually running security/flawfinder
>Fix:
diff -ruN nenscript.orig/files/patch-main.c nenscript/files/patch-main.c
--- nenscript.orig/files/patch-main.c	1969-12-31 19:00:00.000000000 -0500
+++ nenscript/files/patch-main.c	2008-07-19 14:34:43.000000000 -0500
@@ -0,0 +1,11 @@
+--- main.c.orig	2008-07-19 14:32:26.000000000 -0500
++++ main.c	2008-07-19 14:34:12.000000000 -0500
+@@ -601,7 +601,7 @@
+       exit (1);
+     }
+ #else
+-    sprintf (cmd, "%s %s", LPR, printername);
++    snprintf (cmd, sizeof(cmd), "%s %s", LPR, printername);
+     if ((outputstream = popen (cmd, "w")) == NULL) {
+       perror (LPR);
+       exit (1);


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?200807192253.m6JMrk89099064>