Date: Thu, 14 Sep 2000 14:49:30 +0400 (MSD) From: rabbit@lipetsk.ru To: FreeBSD-gnats-submit@freebsd.org Subject: gnu/21260: uux patch Message-ID: <200009141049.OAA38146@pluton.lipetsk.ru>
next in thread | raw e-mail | index | archive | help
>Number: 21260
>Category: gnu
>Synopsis: buffer overrun in uux
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 14 04:00:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Alexey Antipov
>Release: FreeBSD 4.1-RELEASE i386
>Organization:
JSC "Lipetskelektosvyas", Lipetsk, Russia
>Environment:
System: FreeBSD 4.1-RELEASE i386
>Description:
uux has buffer overrun and therefore incorrectly handling nodenames
8-characters length and probably all quad-multiple lengths.
>How-To-Repeat:
Execute command:
echo "test" | uux.orig - -r -gd access!foobar12!rnews
and you will see in the uucp spool a file with the incorrectly string :
C uucp -C -W -d -g d D.X09IF foobar12(àHáhá!X.plutond09IF
If you execute command:
echo "test" | uux.orig - -r -gd access!foobar1!rnews
and you will see in the uucp spool a file with the right string :
C uucp -C -W -d -g d D.X09IF foobar1!X.plutond09IF
>Fix:
Just apply to uux.c the following patch:
--- uux.c.orig Thu Sep 14 14:06:21 2000
+++ uux.c Thu Sep 14 13:49:24 2000
@@ -532,7 +532,7 @@
else
{
clen = zexclam - zcmd;
- zforward = zbufalc (clen);
+ zforward = zbufalc (clen+4);
memcpy (zforward, zcmd, clen);
zforward[clen] = '\0';
zcmd = zexclam + 1;
--
SY
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009141049.OAA38146>