diff options
| author | Stefan Walter <stefan@FreeBSD.org> | 2008-10-19 08:09:02 +0000 |
|---|---|---|
| committer | Stefan Walter <stefan@FreeBSD.org> | 2008-10-19 08:09:02 +0000 |
| commit | 034313dfd8694b74aec316d7ddc2ec6da07bccb8 (patch) | |
| tree | 9b2a61cdd59adefef328964d29265879eeb649a7 /comms/qpage/files | |
| parent | cf192abfd080843f84e4222994243f9da00c505a (diff) | |
| download | ports-034313dfd8694b74aec316d7ddc2ec6da07bccb8.tar.gz ports-034313dfd8694b74aec316d7ddc2ec6da07bccb8.zip | |
Fix a potential buffer overflow.
PR: 128216
Submitted by: maintainer
Notes
Notes:
svn path=/head/; revision=221768
Diffstat (limited to 'comms/qpage/files')
| -rw-r--r-- | comms/qpage/files/patch-srvrsnpp.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/comms/qpage/files/patch-srvrsnpp.c b/comms/qpage/files/patch-srvrsnpp.c new file mode 100644 index 000000000000..95b27126e8ad --- /dev/null +++ b/comms/qpage/files/patch-srvrsnpp.c @@ -0,0 +1,28 @@ +--- srvrsnpp.c.orig 1998-10-25 14:55:05.000000000 -0500 ++++ srvrsnpp.c 2008-10-18 18:09:44.175331511 -0400 +@@ -523,6 +523,7 @@ + char *errmsg; + char *a; + char *b; ++ char *m; + int i; + int badarg; + int gotpager; +@@ -701,7 +702,16 @@ + + p->created = time(NULL); + (void)sprintf(buff, "%d", pagecount++); +- (void)strcat(p->messageid, buff); ++ m = (void *)malloc(sizeof(*m) * strlen(p->messageid) + sizeof(*m) * strlen(buff)); ++ if ( m == NULL ) { ++ message("554 Message failed (out of memory)"); ++ qpage_log(LOG_ERR, "snpp(): cannot allocate memory for p->messageid"); ++ clear_page(p, TRUE); ++ break; ++ } ++ (void)sprintf(m, "%s%s", p->messageid, buff); ++ my_free(p->messageid); ++ p->messageid = m; + + qpage_log(LOG_ALERT, "page submitted, id=%s, from=%s", + p->messageid, |