From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1KmwFa-0004SH-P0 for garchives@archives.gentoo.org; Mon, 06 Oct 2008 20:00:14 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9CECAE0483; Mon, 6 Oct 2008 20:00:14 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 6C101E0486 for ; Mon, 6 Oct 2008 20:00:14 +0000 (UTC) Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 3E943649AC for ; Mon, 6 Oct 2008 20:00:13 +0000 (UTC) Received: from pva by stork.gentoo.org with local (Exim 4.69) (envelope-from ) id 1KmwFZ-0008F1-0H for gentoo-commits@lists.gentoo.org; Mon, 06 Oct 2008 20:00:13 +0000 From: "Peter Volkov (pva)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, pva@gentoo.org Subject: [gentoo-commits] gentoo-x86 commit in app-forensics/chkrootkit/files: chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch X-VCS-Repository: gentoo-x86 X-VCS-Files: chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch X-VCS-Directories: app-forensics/chkrootkit/files X-VCS-Committer: pva X-VCS-Committer-Name: Peter Volkov Content-Type: text/plain; charset=utf8 Message-Id: Sender: Peter Volkov Date: Mon, 06 Oct 2008 20:00:13 +0000 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 2efe9e22-ce78-4902-ba3c-dd6c584b5c25 X-Archives-Hash: c433a80a52d527a59ffa498b8009c885 pva 08/10/06 20:00:13 Added: chkrootkit-0.48-chkutmp.c-some-overruns-fixes.pat= ch Log: Fixed chkutmp crash, bug #184962, thank barbaz for report and Stewart G= ebbie for the fix. (Portage version: 2.2_rc11/cvs/Linux 2.6.26-gentoo-r1 i686) Revision Changes Path 1.1 app-forensics/chkrootkit/files/chkrootkit-0.48-chkut= mp.c-some-overruns-fixes.patch file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-forensics/chkr= ootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch?rev=3D1.= 1&view=3Dmarkup plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-forensics/chkr= ootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch?rev=3D1.= 1&content-type=3Dtext/plain Index: chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D modified file 'chkutmp.c' --- chkutmp.c 2008-10-06 19:07:51 +0000 +++ chkutmp.c 2007-10-20 07:56:19 +0000 @@ -23,6 +23,7 @@ * * Changelog:=20 * Ighighi X - Improved speed via break command - 2005/03/27=20 + * Stewart Gebbie - fixed buffer overrun bug related to MAXREAD and UT= _PIDLENGTH - 2007-10-20 * =20 */ =20 @@ -42,7 +43,7 @@ #endif #include =20 -#define MAXREAD 1024 +#define MAXREAD 4096 #define MAXBUF 4096 #define MAXLENGTH 256 #define UT_PIDSIZE 12 @@ -57,13 +58,13 @@ #endif =20 struct ps_line { - char ps_tty[UT_LINESIZE]; - char ps_user[UT_NAMESIZE]; - char ps_args[MAXLENGTH]; + char ps_tty[UT_LINESIZE+1]; + char ps_user[UT_NAMESIZE+1]; + char ps_args[MAXLENGTH+1]; int ps_pid; }; struct utmp_line { - char ut_tty[UT_LINESIZE]; + char ut_tty[UT_LINESIZE+1]; int ut_pid; int ut_type; }; @@ -77,7 +78,7 @@ int fetchps(struct ps_line *psl_p) { FILE *ps_fp; - char line[MAXREAD + 1], pid[UT_PIDSIZE]; + char line[MAXREAD + 1], pid[UT_PIDSIZE+1]; char *s, *d; struct ps_line *curp =3D &psl_p[0]; struct ps_line *endp =3D &psl_p[MAXBUF]; @@ -97,7 +98,7 @@ while (isspace(*s)) /* skip spaces */ s++; d =3D pid; - for (x =3D 0; (!isspace(*s)) && (*d++ =3D *s++) && x <=3D UT_LINESIZE;= x++) /* grab pid */ + for (x =3D 0; (!isspace(*s)) && (*d++ =3D *s++) && x <=3D UT_PIDSIZE; = x++) /* grab pid */ ; *d =3D '\0'; curp->ps_pid =3D atoi(pid);