pkgsrc-Bugs archive
pkg/47462: net/choparp on 64-Bit will fail to parse command line
>Number: 47462
>Category: pkg
>Synopsis: net/choparp on 64-Bit will fail to parse command line
>Confidential: yes
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jan 17 15:45:00 +0000 2013
>Originator: Wolfgang Stukenbrock
>Release: pkgsrc-2012Q3
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD test-s0 5.1.2 NetBSD 5.1.2 (NSW-WS) #3: Fri Dec 21 15:15:43 CET
2012 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
Due to bad pointer usage in sscanf() some data gets overwritten while
parsing the command line. This will result in a wrong IP address being
used for address matching.
>How-To-Repeat:
Try to start choparp <if> <mac> 10.11.12.0/0xffffff00.
It will not work as expected.
>Fix:
The problem is the use of a u_int32_t pointer as the argument for "%lx"
in sscanf() in atoip().
On 64-bit architectures this is 64-bit, not 32-bit ...
The following patch will fix this problem:
--- orig.c 2013-01-17 16:37:24.000000000 +0100
+++ choparp.c 2013-01-17 16:38:07.000000000 +0100
@@ -349,13 +349,14 @@
int
atoip(char *buf, u_int32_t *ip_addr){
u_int i0, i1, i2, i3;
+ long l;
if (sscanf(buf, "%u.%u.%u.%u", &i0, &i1, &i2, &i3) == 4){
*ip_addr = (i0 << 24) + (i1 << 16) + (i2 << 8) + i3;
return(0);
}
- if (sscanf(buf, "0x%lx", ip_addr) == 1)
- return(0);
+ if (sscanf(buf, "0x%lx", &l) == 1)
+ { *ip_addr = 0; return(0); }
return(-1);
}
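Review bot: The new branch ends in { *ip_addr = 0; return(0); }, which throws away the value sscanf() just stored in l, so every 0x... argument (including the 0xffffff00 mask from How-To-Repeat) is stored as 0. Assign the parsed value instead, e.g. *ip_addr = (u_int32_t)l;, declare l as unsigned long so it matches the "%lx" conversion, and return -1 when the value exceeds 0xffffffff rather than truncating it silently.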
We may discuss whether the sscanf() at this location should be eliminated
and replaced by something else - e.g. strtoul().
But then we remove the enforcement of a hex number too.
>Unformatted: