Bugtraq mailing list archives
Re: cdp buffer overflow vulnerability
From: Vade 79 <v9 () fakehalo deadpig org>
Date: 31 Mar 2004 21:45:04 -0000
In-Reply-To: <20040331161611.75451.qmail () web25104 mail ukl yahoo com> for the patch you provided you should use sizeof(buffer), not strlen(buffer) (or 200) to limit the amount written to buffer[].
--- songname.patch --- --- cdp.c 2004-03-31 15:48:55.000000000 +0100 +++ cdp.1.c 2004-03-31 15:44:35.000000000 +0100 @@ -154,7 +154,7 @@ for ( ind = 0; ind < cdStatus.thiscd.ntracks; ind++ ) { trk = &cdStatus.thiscd.trk[ ind ]; if ( trk->songname != NULL ) { - sprintf( buffer, "%s", trk->songname ); + snprintf( buffer, strlen(buffer), "%s", trk->songname ); } else buffer[ 0 ] = 0; --- eof ---
Current thread:
- cdp buffer overflow vulnerability Shaun Colley (Mar 31)
- <Possible follow-ups>
- Re: cdp buffer overflow vulnerability Vade 79 (Mar 31)