[3802] in bugtraq
scanf overflow
daemon@ATHENA.MIT.EDU (David Sacerdote)
Mon Dec 16 15:54:20 1996
Date: Mon, 16 Dec 1996 13:21:09 -0700
Reply-To: David Sacerdote <davids@secnet.com>
From: David Sacerdote <davids@secnet.com>
X-To: bugtraq@crimelab.com
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Here is a patch I wrote for the Vixie Cron 2.1 scanf overflow, and sent to
Paul Vixie in September. It works because the buffer sscanf is reading
can be no longer than MAX_ENVSTR characters because the crontab file is
read using a modified fgets. The paranoid can replace %s with %1000s in
the scanf format string as well.
David Sacerdote
*** env.c Sun Dec 15 15:35:04 1996
--- env.c Sun Dec 15 15:34:54 1996
***************
*** 137,143 ****
{
long filepos;
int fileline;
! char name[MAX_TMPSTR], val[MAX_ENVSTR];
int fields;
filepos = ftell(f);
--- 137,143 ----
{
long filepos;
int fileline;
! char name[MAX_ENVSTR], val[MAX_ENVSTR];
int fields;
filepos = ftell(f);
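Review bot: The changed declaration (the "!" line) makes name as large as val, but nothing in this hunk enforces the bound where the buffers are filled. The sscanf format is untouched, so the fix holds only while every caller passes a line of at most MAX_ENVSTR characters. Suggest adding explicit field widths to the conversions that fill name and val (the covering note already mentions %1000s). At minimum, add a comment on the declaration saying both arrays must be no smaller than the line buffer. It is also worth stating whether the MAX_ENVSTR limit on the line includes the terminating NUL; if the reader can return MAX_ENVSTR characters plus the NUL, both arrays are one byte short.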
----
The contents of this message are my personal thoughts, not those of my
employer.
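
The message's closing suggestion, bounding the conversion itself rather than relying on the reader's line limit, is shown here as an added example. It is not code from the post or from Vixie cron. It goes one step past `%1000s` by using `%n` to detect a truncated field. The function name, the `DEMO_*` sizes and the input lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizes for this demo; not the values from cron's headers. */
#define DEMO_WIDTH  31                 /* max characters stored per field */
#define DEMO_ENVSTR (DEMO_WIDTH + 1)   /* buffer size: width plus the NUL */
#define STR2(x) #x
#define STR(x)  STR2(x)

/*
 * Hypothetical parser for a "NAME=value" line.
 * Returns 1 when both fields were read in full, 0 when the line is
 * malformed or either field would not fit. It never writes more than
 * DEMO_ENVSTR bytes into name or val, however long the line is.
 */
int parse_env_line(const char *line, char *name, char *val)
{
    int consumed = 0;
    name[0] = val[0] = '\0';

    /* The widths cap what sscanf stores; %n records where it stopped. */
    int fields = sscanf(line,
                        "%" STR(DEMO_WIDTH) "[^ =\n]=%" STR(DEMO_WIDTH) "[^\n]%n",
                        name, val, &consumed);
    if (fields != 2)
        return 0;   /* no '=', empty field, or name longer than the width */

    /* A value cut off by the width leaves unread characters behind. */
    if (line[consumed] != '\0' && line[consumed] != '\n')
        return 0;
    return 1;
}

int main(void)
{
    char name[DEMO_ENVSTR], val[DEMO_ENVSTR];
    char big[128];

    /* Constructed inputs: one normal line, one with a 100-byte name. */
    memset(big, 'A', 100);
    strcpy(big + 100, "=x\n");

    printf("%d\n", parse_env_line("PATH=/usr/bin\n", name, val));
    printf("%d\n", parse_env_line(big, name, val));
    return 0;
}
```

With the widths in place, an oversized line is rejected instead of being copied past the end of either array, so the parser no longer depends on what the line reader upstream guarantees.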