From nobody@FreeBSD.org Sat Sep 29 07:41:57 2001
Return-Path:
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 7BFD137B40B for ; Sat, 29 Sep 2001 07:41:57 -0700 (PDT)
Received: (from nobody@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f8TEfvC70510; Sat, 29 Sep 2001 07:41:57 -0700 (PDT) (envelope-from nobody)
Message-Id: <200109291441.f8TEfvC70510@freefall.freebsd.org>
Date: Sat, 29 Sep 2001 07:41:57 -0700 (PDT)
From: Dimitri Lommers
To: freebsd-gnats-submit@FreeBSD.org
Subject: fingerd(8) execv failure due to missing argv termination (patch)
X-Send-Pr-Version: www-1.0

>Number: 30913
>Category: bin
>Synopsis: fingerd(8) execv failure due to missing argv termination (patch)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 29 07:50:00 PDT 2001
>Closed-Date: Tue Oct 9 18:26:30 PDT 2001
>Last-Modified: Tue Oct 09 18:28:13 PDT 2001
>Originator: Dimitri Lommers
>Release: 4.3-RELEASE
>Organization: Hinttech Internetwork Technologies
>Environment:
Version of fingerd.c: $FreeBSD: src/libexec/fingerd/fingerd.c,v 1.16.2.1 2001/03/05 10:59:50 kris Exp $
>Description:
When the maximum number of names are given to fingerd (50-3), the argv array given to execv will not be NULL terminated, resulting in a bad address return.
>How-To-Repeat:
telnet localhost finger, enter 47 or more arguments, see /var/log/messages
>Fix:
# diff -c fingerd.c fingerd.c.new *** fingerd.c Sat Sep 29 16:41:58 2001 --- fingerd.c.new Sat Sep 29 16:41:58 2001 *************** *** 161,168 **** av[1] = "-l"; comp = &av[0]; } ! else if (++ap == av + ENTRIES) break; lp = NULL; } --- 161,170 ---- av[1] = "-l"; comp = &av[0]; } ! else if (++ap == av + ENTRIES) { ! 
*ap = NULL; break; + } lp = NULL; }
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: chern
State-Changed-When: Tue Oct 9 18:26:30 PDT 2001
State-Changed-Why:
ru has applied your patch--fingerd.c v1.18 no longer suffers from this problem. Thanks!

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=30913
>Unformatted:
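
Review bot: in the `else if (++ap == av + ENTRIES)` branch, the new `*ap = NULL;` stores to `av[ENTRIES]`, which is in bounds only if `av` is declared with at least `ENTRIES + 1` elements; that declaration is outside the hunk, so confirm it and note the reserved terminator slot in a comment next to the store. The same branch still discards any names past the limit without a trace, so a log message before the `break` would make truncated requests visible to whoever reads /var/log/messages.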
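
The failure mode in the Description, as an added example that is not part of the PR or of fingerd's source: a bounded tokenizer that reserves one slot for the NULL terminator `execv()` requires and reports truncation. The helper names `fill_argv` and `make_line`, the value `ENTRIES = 50` (inferred from the report's "50-3"), and the three leading `av` placeholders are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ENTRIES 50	/* assumed from the report's "50-3" names */

/*
 * Hypothetical helper, not fingerd's code: tokenize `line` into av[first..].
 * Tokens go no further than av[ENTRIES - 1]; av[ENTRIES] is reserved so the
 * NULL terminator execv() needs always fits. Requires first <= ENTRIES.
 * Returns tokens stored and sets *truncated when input was left over.
 */
static size_t
fill_argv(char *line, char *av[ENTRIES + 1], size_t first, int *truncated)
{
	size_t n = first;
	char *tok;

	*truncated = 0;
	for (tok = strtok(line, " \t\r\n"); tok != NULL;
	    tok = strtok(NULL, " \t\r\n")) {
		if (n == ENTRIES) {	/* full: stop, but report it */
			*truncated = 1;
			break;
		}
		av[n++] = tok;
	}
	av[n] = NULL;		/* n <= ENTRIES, always in bounds */
	return n - first;
}

/* Constructed input: `count` space-separated names written into buf. */
static void
make_line(char *buf, size_t len, int count)
{
	size_t off = 0;

	buf[0] = '\0';
	for (int i = 0; i < count && off < len; i++)
		off += (size_t)snprintf(buf + off, len - off, "user%d ", i);
}

int
main(void)
{
	char line[1024], *av[ENTRIES + 1] = { "finger", "-l", "--" };
	int truncated;

	make_line(line, sizeof(line), 60);	/* more names than fit */
	size_t stored = fill_argv(line, av, 3, &truncated);
	printf("stored=%zu truncated=%d terminated=%d\n", stored, truncated,
	    av[3 + stored] == NULL);
	return 0;
}
```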