pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/47462: net/choparp on 64-Bit will fail to parse comamnd line

>Number:         47462
>Category:       pkg
>Synopsis:       net/choparp on 64-Bit will fail to parse comamnd line
>Confidential:   yes
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 17 15:45:00 +0000 2013
>Originator:     Wolfgang Stukenbrock
>Release:        pkgsrc-2012Q3
Dr. Nagler & Company GmbH
System: NetBSD test-s0 5.1.2 NetBSD 5.1.2 (NSW-WS) #3: Fri Dec 21 15:15:43 CET 
2012 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
        Due to baad pointer usage in sscanf() some data gets overwritten while
        paring the command line. This will result in a wrong ipaddress to be 
        for address matching.
        try to start chapart <if> <mac>
        It will not work as expected.
        The problem is the usage of an u_int32_t pointer to argument "%lx" in 
sscanf() in atoip().
        On 64-Bit architectures this is 64-bit not 32-bit ...
        The following patch will fix this problem:

--- orig.c      2013-01-17 16:37:24.000000000 +0100
+++ choparp.c   2013-01-17 16:38:07.000000000 +0100
@@ -349,13 +349,14 @@
 atoip(char *buf, u_int32_t *ip_addr){
     u_int      i0, i1, i2, i3;
+    long       l;
     if (sscanf(buf, "%u.%u.%u.%u", &i0, &i1, &i2, &i3) == 4){
        *ip_addr = (i0 << 24) + (i1 << 16) + (i2 << 8) + i3;
-    if (sscanf(buf, "0x%lx", ip_addr) == 1)
-       return(0);
+    if (sscanf(buf, "0x%lx", &l) == 1)
+       { *ip_addr = 0; return(0); }

        We may discuss if the sscanf() at this location should be eliminated 
and replaced
        by something else - e.g. strtoul().
        But then we remove the enforcement for an hex-number too.


Home | Main Index | Thread Index | Old Index