On Wed, Jul 10, 2019 at 05:42:04PM +0000, Philip Paeps wrote:
> New Revision: 349890
> URL: https://svnweb.freebsd.org/changeset/base/349890
> 
> Log:
>   telnet: fix a couple of snprintf() buffer overflows
>   
> Modified: head/contrib/telnet/telnet/commands.c
> @@ -1655,10 +1655,11 @@ env_init(void)
>               char hbuf[256+1];
>               char *cp2 = strchr((char *)ep->value, ':');
>  
> -             gethostname(hbuf, 256);
> -             hbuf[256] = '\0';
> -             cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1);
> -             sprintf((char *)cp, "%s%s", hbuf, cp2);
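
Review bot: in the removed lines of this env_init() hunk, the malloc() result is passed straight to sprintf() with no NULL check, and within the visible lines cp2 from strchr((char *)ep->value, ':') reaches strlen() unguarded. The quote stops before the added lines, so the replacement should be checked for both. The old buffer was sized strlen(hbuf) + strlen(cp2) + 1, which does fit the "%s%s" output, so the points to confirm in the new code are the allocation-failure path and whether the return value of gethostname() is tested before hbuf is used.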

Would it make sense to add something like __attribute__ ((deprecated))
to those unsafe functions like gets(), sprintf(), etc.?  Or would it
cause too much PITA?

./danfe
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all