From nobody Fri Apr 10 08:30:03 1998 Received: (from nobody@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA27846; Fri, 10 Apr 1998 08:30:03 -0700 (PDT) (envelope-from nobody) Message-Id: <199804101530.IAA27846@hub.freebsd.org> Date: Fri, 10 Apr 1998 08:30:03 -0700 (PDT) From: fetch@arcadia.spb.ru To: freebsd-gnats-submit@freebsd.org Subject: Inaccurate allocation of temporary buffer for warning output in ip_input.c X-Send-Pr-Version: www-1.0 >Number: 6263 >Category: kern >Synopsis: Inaccurate allocation of temporary buffer for warning output in ip_input.c >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Apr 10 08:40:01 PDT 1998 >Closed-Date: Fri Apr 10 08:57:00 PDT 1998 >Last-Modified: Fri Apr 10 09:10:01 PDT 1998 >Originator: Andrey Alekseyev >Release: 2.2.2-RELEASE >Organization: Arcadia, Inc. >Environment: FreeBSD muffin.arcadia.spb.ru 2.2.2-RELEASE FreeBSD 2.2.2-RELEASE #0: Thu Apr 9 16:13:27 MSD 1998 fetch@muffin.arcadia.spb.ru:/usr/src/ sys/compile/MUFFIN_IPFIL i386 >Description: I thought it would be useful to point to some inaccuracy in netinet/ip_input.c. When handling ip source routing, if not ip.sourceroute option is set a warning is written to log "attempted source route from .. to ..". A temporary buffer allocated as buf[4*sizeof "123"] is used to print destination ip and is filled as following strcpy(buf, inet_ntoa(ip->ip_dst));. I think using sizeof "123." would be much more correct in this case. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open->closed State-Changed-By: wollman State-Changed-When: Fri Apr 10 08:57:00 PDT 1998 State-Changed-Why: Not a problem. From: Garrett Wollman To: fetch@arcadia.spb.ru Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: kern/6263: Inaccurate allocation of temporary buffer for warning output in ip_input.c Date: Fri, 10 Apr 1998 11:57:59 -0400 (EDT) < log "attempted source route from .. to ..". A temporary buffer > allocated as buf[4*sizeof "123"] is used to print destination ip and > is filled as following strcpy(buf, inet_ntoa(ip->ip_dst));. I think using sizeof "123." would be much more correct in this case. No, that would allocate a buffer four bytes longer than needed. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick >Unformatted: