Date: Wed, 13 Nov 2002 15:00:06 -0800 (PST) From: dave <daveb@optusnet.com.au> To: freebsd-bugs@FreeBSD.org Subject: Re: gnu/45168: Buffer overflow in /usr/bin/dialog Message-ID: <200211132300.gADN06He019032@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR gnu/45168; it has been noted by GNATS. From: dave <daveb@optusnet.com.au> To: freebsd-gnats-submit@FreeBSD.org, saturnero@freesbie.org Cc: Subject: Re: gnu/45168: Buffer overflow in /usr/bin/dialog Date: Thu, 14 Nov 2002 09:58:18 +1100 The result from a checklist is stored in the result variable, with a maximum length of MAX_LEN, which is defined in /usr/include/dialog.h or /usr/src/gnu/lib/libdialog/dialog.h as 2048. Your checklist's output is breaching this limit. Could the result variable perhaps be dynamically allocated to hold as much as argv does? I'm not too familiar with dialog, but does it ever output more than it receives as input? -- Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211132300.gADN06He019032>