https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243747
Bug ID: 243747
Summary: Add another length check to the iruserok_sa
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: misc
Assignee: b...@freebsd.org
Reporter: arei...@veracode.com
This is not really a bug, I have not seen it misused in code utilizing the API
call, and I wonder the actual number of users of the call, but I file this if
it might be worth adding for robustness sake. Apologies to open a ticket for
such a small and likely inconsequential-if-not-changed bit of nitpickery, but
so it goes:
This is simply adding an additional length check to iruserok_sa() function in
lib/libc/net/rcmd.c. There is a check for the length on line 441:
427 iruserok_sa(const void *ra, int rlen, int superuser, const char *ruser,
428 const char *luser)
429 {
430 char *cp;
431 struct stat sbuf;
432 struct passwd *pwd;
433 FILE *hostf;
434 uid_t uid;
435 int first;
436 char pbuf[MAXPATHLEN];
437 const struct sockaddr *raddr;
438 struct sockaddr_storage ss;
439
440 /* avoid alignment issue */
441 if (rlen > sizeof(ss))
442 return(-1);
443 memcpy(&ss, ra, rlen);
Is worth changing to `(rlen > sizeof(ss) || rlen <= 0) ` ?
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
