[914] in Zephyr_Bugs
Re: fixes for buffer overflows and other bugs in zhm
daemon@ATHENA.MIT.EDU (Greg Stark)
Sun Mar 1 23:02:15 1998
To: mhpower@MIT.EDU
Cc: bugs@MIT.EDU, zephyr-bugs@MIT.EDU, sipb-athena-bugs@MIT.EDU
From: Greg Stark <gsstark@MIT.EDU>
In-Reply-To: mhpower@MIT.EDU's message of "Sun, 14 Sep 1997 02:47:23 EDT"
Date: 01 Mar 1998 23:02:02 -0500
> ***************
> *** 477,478 ****
> --- 501,506 ----
> list[0] = (char *) malloc(MAXHOSTNAMELEN);
> + if (list[0] == NULL) {
> + printf("Out of memory.\n");
> + exit(-5);
> + }
> strcpy(list[0], cur_serv);
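Review bot: strcpy(list[0], cur_serv) on the context line after the new check is still unbounded: the buffer is MAXHOSTNAMELEN bytes and nothing in this hunk limits the length of cur_serv. Allocate strlen(cur_serv) + 1 bytes, or copy with an explicit bound and terminate the result, so that the change covers the overflow as well as the allocation failure.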
> ***************
> *** 479,480 ****
> --- 507,512 ----
> list[1] = (char *) malloc(64);
> + if (list[1] == NULL) {
> + printf("Out of memory.\n");
> + exit(-5);
> + }
> sprintf(list[1], "%d", queue_len());
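Review bot: The error path added after the list[1] allocation repeats the one from the previous hunk line for line; a small checked-allocation helper would keep the message and the exit status in one place. The message is also written with printf to stdout where a diagnostic belongs on stderr, and exit(-5) reaches the parent as status 251 on POSIX systems, so a small positive code would be clearer.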
[... and so on and so on]
Maybe I've been doing too much Lisp hacking, but this seems a lot nicer.
Sorry, I can't make a convenient patch, I'm working with 2.0.4 source.
    if (!(list[0] = (char *)malloc(MAXHOSTNAMELEN)) ||
        !(list[1] = (char *)malloc(64)) ||
        !(list[2] = (char *)malloc(64)) ||
        !(list[3] = (char *)malloc(64)) ||
        !(list[4] = (char *)malloc(64)) ||
        !(list[5] = (char *)malloc(64)) ||
        !(list[6] = (char *)malloc(64)) ||
        !(list[7] = (char *)malloc(64)) ||
        !(list[8] = (char *)malloc(64)) ||
        !(list[9] = (char *)malloc(32)) )
    {
        printf("Out of memory.\n");
        exit(-5);
    }

    (void)strcpy(list[0], cur_serv);
    (void)sprintf(list[1], "%d", queue_len());
    (void)sprintf(list[2], "%d", nclt);
    (void)sprintf(list[3], "%d", nserv);
    (void)sprintf(list[4], "%d", nservchang);
    (void)strcpy(list[5], rcsid_hm_c);
    if (no_server)
        (void)sprintf(list[6], "yes");
    else
        (void)sprintf(list[6], "no");
    (void)sprintf(list[7], "%ld", time((time_t *)0) - starttime);
#ifdef adjust_size
    size = (unsigned long)sbrk(0);
    adjust_size (size);
#else
    size = -1;
#endif
    (void)sprintf(list[8], "%ld", size);
    (void)strcpy(list[9], MACHINE_TYPE);
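
The single-error-path idea from the message above, as an added example that is not part of the original message or the Zephyr source. It goes beyond the posted code by sizing each buffer from the formatted length instead of a fixed 64 bytes; `fmt_alloc`, `build_status`, the four-field layout and the sample values are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not in zhm: allocate exactly what the formatted value
 * needs, so no fixed-size guess can be overrun. Returns NULL on failure. */
static char *fmt_alloc(const char *fmt, ...)
{
    va_list ap;
    int need;
    char *buf;
    va_start(ap, fmt);
    need = vsnprintf(NULL, 0, fmt, ap);      /* C99: measure, write nothing */
    va_end(ap);
    if (need < 0 || (buf = malloc((size_t)need + 1)) == NULL)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)need + 1, fmt, ap);
    va_end(ap);
    return buf;
}

/* Build four constructed stand-ins for the status fields. Returns 0 on
 * success; on failure frees anything allocated and returns -1, keeping the
 * single error path of the chained-malloc version. */
int build_status(char *list[4], const char *server, int queue_len,
                 int no_server, long uptime)
{
    int i;
    for (i = 0; i < 4; i++)
        list[i] = NULL;                      /* makes the cleanup loop safe */
    if ((list[0] = fmt_alloc("%s", server)) &&
        (list[1] = fmt_alloc("%d", queue_len)) &&
        (list[2] = fmt_alloc("%s", no_server ? "yes" : "no")) &&
        (list[3] = fmt_alloc("%ld", uptime)))
        return 0;
    for (i = 0; i < 4; i++) { free(list[i]); list[i] = NULL; }
    return -1;
}

int main(void)
{
    char *list[4];
    if (build_status(list, "host.example", 3, 0, 86400L) != 0)  /* constructed input */
        return EXIT_FAILURE;
    printf("%s %s %s %s\n", list[0], list[1], list[2], list[3]);
    return 0;
}
```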