ALT Linux Bugzilla
– Attachment 5029 Details for
Bug 25954
buffer overflow detected
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
[patch]
Вот такой патч вроде бы решает проблему
tftp.patch (text/plain), 1.23 KB, created by
Damir Shayhutdinov
on 2011-07-27 18:02:24 MSK
(
hide
)
Description:
Вот такой патч вроде бы решает проблему
Filename:
MIME Type:
Creator:
Damir Shayhutdinov
Created:
2011-07-27 18:02:24 MSK
Size:
1.23 KB
patch
obsolete
>diff --git a/tftp/tftp.c b/tftp/tftp.c >index d15da22..6270329 100644 >--- a/tftp/tftp.c >+++ b/tftp/tftp.c >@@ -52,7 +52,7 @@ sigjmp_buf toplevel; > sigjmp_buf timeoutbuf; > > static void nak(int, const char *); >-static int makerequest(int, const char *, struct tftphdr *, const char *); >+static int makerequest(int, const char *, void *, const char *); > static void printstats(const char *, unsigned long); > static void startclock(void); > static void stopclock(void); >@@ -276,17 +276,23 @@ void tftp_recvfile(int fd, const char *name, const char *mode) > > static int > makerequest(int request, const char *name, >- struct tftphdr *tp, const char *mode) >+ void *p, const char *mode) > { > char *cp; >+ struct tftphdr *tp = p; >+ size_t namelen, modelen; > > tp->th_opcode = htons((u_short) request); >- cp = (char *)&(tp->th_stuff); >+ cp = (char*)p + offsetof(struct tftphdr, th_stuff); >+ namelen = strlen(name); >+ modelen = strlen(mode); >+ if (namelen + modelen + 2 > SEGSIZE) >+ perror("Filename is too long"); > strcpy(cp, name); >- cp += strlen(name); >+ cp += namelen; > *cp++ = '\0'; > strcpy(cp, mode); >- cp += strlen(mode); >+ cp += modelen; > *cp++ = '\0'; > return (cp - (char *)tp); > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 25954
:
5025
|
5027
| 5029