[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cdp buffer overflow vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: cdp buffer overflow vulnerability
From: Vade 79 <v9@xxxxxxxxxxxxxxxxxxxx>
Date: 31 Mar 2004 21:45:04 -0000

In-Reply-To: <20040331161611.75451.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

for the patch you provided you should use sizeof(buffer), not strlen(buffer) 
(or 200) to limit the amount written to buffer[].

>--- songname.patch ---
>
>--- cdp.c       2004-03-31 15:48:55.000000000 +0100
>+++ cdp.1.c     2004-03-31 15:44:35.000000000 +0100
>@@ -154,7 +154,7 @@
>     for  ( ind = 0; ind < cdStatus.thiscd.ntracks;
>ind++ ) {
>         trk = &cdStatus.thiscd.trk[ ind ];
>         if  ( trk->songname != NULL ) {
>-            sprintf( buffer, "%s", trk->songname );
>+            snprintf( buffer, strlen(buffer), "%s",
>trk->songname );
>         } else
>             buffer[ 0 ] = 0;
>
>
>--- eof ---

Prev by Date: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
Next by Date: [CLA-2004:834] Conectiva Security Announcement - openssl
Previous by thread: RE: cdp buffer overflow vulnerability
Next by thread: [ GLSA 200403-11 ] Squid ACL [url_regex] bypass vulnerability
Index(es):
- Date
- Thread