lib/50823: src/lib/libwrap/hosts_access.c:317: huge input data problem ?

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/50823: src/lib/libwrap/hosts_access.c:317: huge input data problem ?
From: dcb314%hotmail.com@localhost
Date: Wed, 17 Feb 2016 12:10:00 +0000 (UTC)

>Number:         50823
>Category:       lib
>Synopsis:       src/lib/libwrap/hosts_access.c:317: huge input data problem ?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 17 12:10:00 +0000 2016
>Originator:     David Binderman
>Release:        cvs dated 20160216
>Organization:
>Environment:
>Description:

[src/lib/libwrap/hosts_access.c:317]: (warning) scanf without field width limits can crash with huge input data.

Source code is

    while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
         /* void */ ;

but

    char    tok[BUFSIZ];

so the code assumes all lines in the file are shorter than BUFSIZ
and will smash the stack if they aren't. This might be a security issue.

>How-To-Repeat:

>Fix:

Prev by Date: lib/50822: src/lib/libm/arch/i387/fenv.c: 2 * bad size in memcpy ?
Next by Date: bin/50824: src/usr.sbin/altq/altqstat/quip_client.c:360: huge input data problem ?
Previous by Thread: lib/50822: src/lib/libm/arch/i387/fenv.c: 2 * bad size in memcpy ?
Next by Thread: Re: lib/50823: src/lib/libwrap/hosts_access.c:317: huge input data problem ?
Indexes:

Home | Main Index | Thread Index | Old Index