Date: Tue, 22 Oct 2002 04:15:49 -0700 (PDT) From: Meadele Mathieu <meadele@nerim.net> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/44379: libutil: property.c, properties_read() bad boundary check Message-ID: <200210221115.g9MBFnxn042504@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 44379 >Category: misc >Synopsis: libutil: property.c, properties_read() bad boundary check >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Oct 22 04:20:09 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Meadele Mathieu >Release: 4.7-RELEASE >Organization: >Environment: FreeBSD mach3 4.7-STABLE FreeBSD 4.7-STABLE #0: Sat Oct 19 03:14:13 GMT 2002 root@mach3:/usr/obj/usr/src/sys/MACH3 i386 >Description: Hi, There is a bad boundary check in properties_read() when parsing 'name=value'. I patched property.c and added some corrections: - corrected bad boundary check. - ignore characters after space unless value is enclosed with brackets. - ignore characters after terminating bracket. - check for malloc/strdup return value. The attached path applies on /usr/src/lib/libutil/property.c >How-To-Repeat: create a file holding a word longer than PROPERTY_MAX_NAME+1 (65) characters. >Fix: I submited a patch. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210221115.g9MBFnxn042504>