On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
> The buffer overflowed is a 80 byte static local buffer:
> static char buf[80];
It is patched by default in FreeBSD's package collection. Here's
the patch below (author: [EMAIL PROTECTED]).
I have also issued a bugfix release including this patch, available
from http://www.freenix.org/reseau/bing-1.0.5.tar.gz
--- bing.c.orig Thu Jul 20 16:45:32 1995
+++ bing.c Sat Mar 4 16:13:05 2000
@@ -718,13 +718,13 @@
u_long l;
{
struct hostent *hp;
- static char buf[80];
+ static char buf[MAXHOSTNAMELEN+19];
if ((options & F_NUMERIC) ||
!(hp = gethostbyaddr((char *)&l, 4, AF_INET)))
- (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
+ (void)snprintf(buf, sizeof(buf), "%s", inet_ntoa(*(struct in_addr
+*)&l));
else
- (void)sprintf(buf, "%s (%s)", hp->h_name,
+ (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
inet_ntoa(*(struct in_addr *)&l));
return(buf);
}
--
Pierre Beyssac [EMAIL PROTECTED] [EMAIL PROTECTED]
Linux : ceux qui n'adorent pas sont forcément des cons
Free domains: http://www.eu.org/ or mail [EMAIL PROTECTED]
