sockstat tcp/udp switches
Michael M. Press
deathjestr at gmail.com
Tue Nov 7 17:37:00 UTC 2006
Josh Carroll wrote:
> I included a limitation on the maximum length of a proto (mostly to
> avoid buffer overflows) and 20 is probably way too large, so I can
> lower that if need be.
I'm not sure buffer overflows are prevented:
static int
parse_protos(const char *protospec)
{
...
char curr_proto[MAX_PROTO_LEN];
while(...) {
...
if(pindex == MAX_PROTO_LEN) {
printf("Warning: truncating protocol\n");
curr_proto[pindex] = '\0';
...
}
}
...
}
The code above writes past the end of the array when the 'if' condition
is true. You probably meant if(pindex == MAX_PROTO_LEN-1).
More information about the freebsd-hackers
mailing list