You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 lines
2.3 KiB
64 lines
2.3 KiB
From 8614cf0ad4a017184285e814a704322f59a28869 Mon Sep 17 00:00:00 2001
|
|
From: Michael Heimpold <mhei@heimpold.de>
|
|
Date: Wed, 12 Apr 2017 23:36:17 +0200
|
|
Subject: [PATCH] dataxfer.c: fix possible buffer overruns caused by
|
|
gai_strerror
|
|
|
|
This fixes a possible buffer overrun that could occur due to
|
|
gai_strerror() returning a string which is longer than the portbuff
|
|
array, i.e. longer than 32 byte.
|
|
|
|
Reported-by: David Thornley <david.thornley@touchstargroup.com>
|
|
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
|
Signed-off-by: Corey Minyard <cminyard@mvista.com>
|
|
|
|
diff --git a/dataxfer.c b/dataxfer.c
|
|
index 3d1e713..988f4e4 100644
|
|
--- a/dataxfer.c
|
|
+++ b/dataxfer.c
|
|
@@ -3702,18 +3702,20 @@ showshortport(struct controller_info *cntlr, port_info_t *port)
|
|
portbuff, sizeof(portbuff),
|
|
NI_NUMERICHOST | NI_NUMERICSERV);
|
|
if (err) {
|
|
- strcpy(buffer, "*err*");
|
|
- sprintf(portbuff, "%s", gai_strerror(err));
|
|
+ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err));
|
|
+ count = controller_outputf(cntlr, "%s", buffer);
|
|
+ } else {
|
|
+ count = controller_outputf(cntlr, "%s,%s", buffer, portbuff);
|
|
}
|
|
- bytes_recv = netcon->bytes_received;
|
|
- bytes_sent = netcon->bytes_sent;
|
|
|
|
- count = controller_outputf(cntlr, "%s,%s", buffer, portbuff);
|
|
while (count < 23) {
|
|
controller_outs(cntlr, " ");
|
|
count++;
|
|
}
|
|
|
|
+ bytes_recv = netcon->bytes_received;
|
|
+ bytes_sent = netcon->bytes_sent;
|
|
+
|
|
controller_outputf(cntlr, "%-22s ", port->io.devname);
|
|
controller_outputf(cntlr, "%-14s ", state_str[port->net_to_dev_state]);
|
|
controller_outputf(cntlr, "%-14s ", state_str[port->dev_to_net_state]);
|
|
@@ -3758,11 +3760,12 @@ showport(struct controller_info *cntlr, port_info_t *port)
|
|
portbuff, sizeof(portbuff),
|
|
NI_NUMERICHOST | NI_NUMERICSERV);
|
|
if (err) {
|
|
- strcpy(buffer, "*err*");
|
|
- sprintf(portbuff, "%s", gai_strerror(err));
|
|
+ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err));
|
|
+ controller_outputf(cntlr, " connected to: %s\r\n", buffer);
|
|
+ } else {
|
|
+ controller_outputf(cntlr, " connected to: %s,%s\r\n",
|
|
+ buffer, portbuff);
|
|
}
|
|
- controller_outputf(cntlr, " connected to: %s,%s\r\n",
|
|
- buffer, portbuff);
|
|
controller_outputf(cntlr, " bytes read from TCP: %d\r\n",
|
|
netcon->bytes_received);
|
|
controller_outputf(cntlr, " bytes written to TCP: %d\r\n",
|
|
--
|
|
2.7.4
|
|
|