[15518] in Athena Bugs
fixes for buffer overflows in snmpd
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Fri Sep 19 02:33:16 1997
From: <mhpower@MIT.EDU>
To: bugs@MIT.EDU
Date: Fri, 19 Sep 1997 02:33:12 EDT
The patches are relative to /mit/source/athena/etc/snmp/server/src
Matt
*** main.c.old Thu Feb 27 01:49:59 1997
--- main.c Fri Sep 19 02:11:22 1997
***************
*** 535,538 ****
--- 535,541 ----
return(BUILD_ERR);
+ if (hp->h_length != sizeof(myaddstr->sin_addr))
+ return(BUILD_ERR);
+
#ifdef NAMED
memcpy(&myaddstr->sin_addr,&(hp->h_addr),hp->h_length);
*** config.c.old Thu Feb 27 01:49:55 1997
--- config.c Fri Sep 19 02:23:18 1997
***************
*** 463,466 ****
if(!isdigit(*saddr))
! if(hp = gethostbyname(saddr))
memcpy(&(haddr.s_addr), hp->h_addr, hp->h_length);
#endif /* MIT */
--- 463,471 ----
if(!isdigit(*saddr))
! if(hp = gethostbyname(saddr)) {
! if (hp->h_length != sizeof(haddr.s_addr)) {
! syslog(LOG_ERR,"unexpected h_length value for %s", saddr);
! return(GEN_ERR);
! }
memcpy(&(haddr.s_addr), hp->h_addr, hp->h_length);
+ }
#endif /* MIT */
*** time_grp.c.old Thu Feb 27 01:50:05 1997
--- time_grp.c Fri Sep 19 02:18:46 1997
***************
*** 118,119 ****
--- 118,124 ----
}
+ if (hp->h_length != sizeof(dest.sin_addr.s_addr))
+ {
+ syslog(LOG_ERR, "unexpected h_length value for %s", hostname);
+ return((char *) NULL);
+ }
memcpy(&dest.sin_addr.s_addr, hp->h_addr, hp->h_length);
