Bugtraq mailing list archives
scanf overflow
From: davids () secnet com (David Sacerdote)
Date: Mon, 16 Dec 1996 13:21:09 -0700
Here is a patch I wrote for the Vixie Cron 2.1 scanf overflow, and sent to Paul Vixie in September. It works because the buffer sscanf is reading can be no longer than MAX_ENVSTR characters because the crontab file is read using a modified fgets. The paranoid can replace %s with %1000s in the scanf format string as well. David Sacerdote *** env.c Sun Dec 15 15:35:04 1996 --- env.c Sun Dec 15 15:34:54 1996 *************** *** 137,143 **** { long filepos; int fileline; ! char name[MAX_TMPSTR], val[MAX_ENVSTR]; int fields; filepos = ftell(f); --- 137,143 ---- { long filepos; int fileline; ! char name[MAX_ENVSTR], val[MAX_ENVSTR]; int fields; filepos = ftell(f); ---- The contents of this message are my personal thoughts, not those of my employer.
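Review bot: The changed declaration `char name[MAX_ENVSTR], val[MAX_ENVSTR];` is only safe because of an invariant that lives outside this hunk: the line handed to sscanf is never longer than MAX_ENVSTR characters. Nothing in the visible lines records or enforces that, so a later change to the reader or to either constant would quietly bring the overflow back. Consider adding a comment at the declaration that states the dependency, and bounding the conversions in the format string so the limit is enforced where the copy happens. If a field width is added, it has to be one less than the destination size, because `%Ns` stores up to N characters plus a terminating NUL. The `%1000s` mentioned in the message is therefore only safe if MAX_ENVSTR is at least 1001. The hunk does not show the value of either constant, so that should be confirmed against the header before choosing a literal width.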