1 message in org.freebsd.freebsd-bugsgnu/21260: uux patch | From | Sent On | Attachments |
|---|---|---|
| rab...@lipetsk.ru | Sep 14, 2000 3:49 am |
| Subject: | gnu/21260: uux patch | |
|---|---|---|
| From: | rab...@lipetsk.ru (rab...@lipetsk.ru) | |
| Date: | Sep 14, 2000 3:49:08 am | |
| List: | org.freebsd.freebsd-bugs | |
Number: 21260 Category: gnu Synopsis: buffer overrun in uux Confidential: no Severity: serious Priority: medium Responsible: freebsd-bugs State: open Quarter: Keywords: Date-Required: Class: sw-bug Submitter-Id: current-users Arrival-Date: Thu Sep 14 04:00:01 PDT 2000 Closed-Date: Last-Modified: Originator: Alexey Antipov Release: FreeBSD 4.1-RELEASE i386 Organization: JSC "Lipetskelektosvyas", Lipetsk, Russia Environment:
System: FreeBSD 4.1-RELEASE i386
Description:
uux has buffer overrun and therefore incorrectly handling nodenames 8-characters length and probably all quad-multiple lengths.
How-To-Repeat:
Execute command: echo "test" | uux.orig - -r -gd access!foobar12!rnews and you will see in the uucp spool a file with the incorrectly string : C uucp -C -W -d -g d D.X09IF foobar12(àHáhá!X.plutond09IF If you execute command: echo "test" | uux.orig - -r -gd access!foobar1!rnews and you will see in the uucp spool a file with the right string : C uucp -C -W -d -g d D.X09IF foobar1!X.plutond09IF
Fix:
Just apply to uux.c the following patch:
--- uux.c.orig Thu Sep 14 14:06:21 2000 +++ uux.c Thu Sep 14 13:49:24 2000 @@ -532,7 +532,7 @@ else { clen = zexclam - zcmd; - zforward = zbufalc (clen); + zforward = zbufalc (clen+4); memcpy (zforward, zcmd, clen); zforward[clen] = '\0'; zcmd = zexclam + 1;
-- SY
Release-Note: Audit-Trail: Unformatted:
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message