Date: Tue, 22 Feb 2000 22:00:24 -0800 (PST) From: spock@techfour.net To: freebsd-gnats-submit@FreeBSD.org Subject: bin/16926: [PATCH] banner doesn't allocate space for nul Message-ID: <200002230600.WAA62291@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 16926 >Category: bin >Synopsis: [PATCH] banner doesn't allocate space for nul >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Feb 22 22:10:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Mike Heffner >Release: 4.0-current >Organization: >Environment: FreeBSD 4.0-CURRENT #0: Sat Feb 19 20:05:45 EST 2000 >Description: Banner doesn't allocate enough memory for the nul character. Banner will seg fault if it's sent a string with any multiple of 4096 characters, because the nul ends up being written onto an unmapped page. This patch was posted to -audit a few weeks ago. >How-To-Repeat: run banner with a multiple of 4096 character string Ex: banner [4096] >Fix: apply the following patch and recompile. Index: usr.bin/banner/banner.c =================================================================== RCS file: /home/ncvs/src/usr.bin/banner/banner.c,v retrieving revision 1.7 diff -u -r1.7 banner.c --- banner.c 1999/12/04 02:11:51 1.7 +++ banner.c 2000/02/02 16:15:08 @@ -1063,7 +1063,7 @@ /* Have now read in the data. Next get the message to be printed. */ if (*argv) { for(i=0, j=0; i < argc; i++) - j += strlen(argv[i]) + (i != 0); + j += strlen(argv[i]) + 1; if ((message = malloc(j)) == NULL) err(1, "malloc"); strcpy(message, *argv); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002230600.WAA62291>