Date: Fri, 28 Jan 2000 00:05:11 -0600 (CST) From: Kevin Day <toasty@dragondata.com> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/16415: Buffer overflow in procctl(8) Message-ID: <200001280605.AAA83141@celery.dragondata.com>
next in thread | raw e-mail | index | archive | help
>Number: 16415
>Category: bin
>Synopsis: Buffer overflow in procctl(8)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 27 22:10:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Kevin Day
>Release: FreeBSD 3.4-STABLE i386
>Organization:
DragonData Internet Services
>Environment:
Any FreeBSD system
>Description:
Procctl has a simple buffer overflow. It's not suid, so I wouldn't consider
this a security problem.
>How-To-Repeat:
su-2.03# procctl 22348723894723984728974892748923894729834728934798273489273498274
Segmentation fault (core dumped)
>Fix:
--- procctl.c Thu Jan 27 23:55:57 2000
+++ procctl.c Thu Jan 27 23:56:57 2000
@@ -63,7 +63,7 @@
for (i = 1; i < ac; i++) {
char buf[32];
- sprintf(buf, "/proc/%s/mem", av[i]);
+ snprintf(buf, sizeof(buf), "/proc/%s/mem", av[i]);
fd = open(buf, O_RDWR);
if (fd == -1) {
if (errno == ENOENT)
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001280605.AAA83141>