Date: Thu, 14 Sep 2000 14:49:30 +0400 (MSD) From: rabbit@lipetsk.ru To: FreeBSD-gnats-submit@freebsd.org Subject: gnu/21260: uux patch Message-ID: <200009141049.OAA38146@pluton.lipetsk.ru>
next in thread | raw e-mail | index | archive | help
>Number: 21260 >Category: gnu >Synopsis: buffer overrun in uux >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Sep 14 04:00:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Alexey Antipov >Release: FreeBSD 4.1-RELEASE i386 >Organization: JSC "Lipetskelektosvyas", Lipetsk, Russia >Environment: System: FreeBSD 4.1-RELEASE i386 >Description: uux has buffer overrun and therefore incorrectly handling nodenames 8-characters length and probably all quad-multiple lengths. >How-To-Repeat: Execute command: echo "test" | uux.orig - -r -gd access!foobar12!rnews and you will see in the uucp spool a file with the incorrectly string : C uucp -C -W -d -g d D.X09IF foobar12(àHáhá!X.plutond09IF If you execute command: echo "test" | uux.orig - -r -gd access!foobar1!rnews and you will see in the uucp spool a file with the right string : C uucp -C -W -d -g d D.X09IF foobar1!X.plutond09IF >Fix: Just apply to uux.c the following patch: --- uux.c.orig Thu Sep 14 14:06:21 2000 +++ uux.c Thu Sep 14 13:49:24 2000 @@ -532,7 +532,7 @@ else { clen = zexclam - zcmd; - zforward = zbufalc (clen); + zforward = zbufalc (clen+4); memcpy (zforward, zcmd, clen); zforward[clen] = '\0'; zcmd = zexclam + 1; -- SY >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009141049.OAA38146>