NetBSD-Bugs archive


bin/50824: src/usr.sbin/altq/altqstat/quip_client.c:360: huge input data problem ?



>Number:         50824
>Category:       bin
>Synopsis:       src/usr.sbin/altq/altqstat/quip_client.c:360: huge input data problem ?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 17 12:25:00 +0000 2016
>Originator:     David Binderman
>Release:        cvs dated 20160216
>Organization:
>Environment:
>Description:

[src/usr.sbin/altq/altqstat/quip_client.c:360]: (warning) scanf without field width limits can crash with huge input data.


Source code is

   if (sscanf(buf, "%s", qdisc) != 1)

but buf is populated from 

    result_code = quip_recvresponse(server, NULL, buf, &len);

so function quip_recvresponse can't know how big the buffer
to write into is. So it looks as if a sufficiently large buffer
will crash the function.


>How-To-Repeat:

>Fix:
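
A width-limited form of the `sscanf` call flagged above, as an added example that is not part of the original report or of the NetBSD source. The helper name `parse_qdisc` and the capacity `QDISC_MAX` are assumptions, since the report does not give the real size of `qdisc`. The sample inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity: the report does not state the real size of qdisc. */
#define QDISC_MAX 63
#define STR_(x) #x
#define STR(x)  STR_(x)

/*
 * Hypothetical helper: copy the first whitespace-delimited token of buf
 * into dst, never writing more than QDISC_MAX + 1 bytes.
 * Returns 0 on success, -1 if buf holds no token, -2 if the token was
 * longer than QDISC_MAX and has been cut short.
 */
static int
parse_qdisc(const char *buf, char dst[QDISC_MAX + 1])
{
	int used = 0;

	dst[0] = '\0';
	/* "%63s" bounds the store; "%n" records how much input was consumed. */
	if (sscanf(buf, "%" STR(QDISC_MAX) "s%n", dst, &used) != 1)
		return -1;
	/* A token that continues past the width limit was truncated. */
	if (buf[used] != '\0' && !isspace((unsigned char)buf[used]))
		return -2;
	return 0;
}

int
main(void)
{
	char qdisc[QDISC_MAX + 1];
	char huge[4096];
	int rc;

	/* Constructed sample responses, not captured from a real server. */
	memset(huge, 'A', sizeof(huge) - 1);
	huge[sizeof(huge) - 1] = '\0';

	rc = parse_qdisc("cbq em0\n", qdisc);
	printf("normal: rc=%d token=\"%s\"\n", rc, qdisc);
	rc = parse_qdisc(huge, qdisc);
	printf("huge:   rc=%d kept=%zu bytes\n", rc, strlen(qdisc));
	return 0;
}
```

This covers only the destination of the `sscanf` call; the size of `buf` filled by `quip_recvresponse` is a separate bound.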


