From e2392789784483d5c142443388c1a0bf8508592b Mon Sep 17 00:00:00 2001 From: Stelian Pop Date: Mon, 31 Mar 2003 10:09:37 +0000 Subject: [PATCH] Security fixes from Antonomasia. --- CHANGES | 5 ++++- rmt/rmt.c | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index ef2eb83..1735a9f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,4 @@ -$Id: CHANGES,v 1.223 2003/03/31 09:42:54 stelian Exp $ +$Id: CHANGES,v 1.224 2003/03/31 10:09:37 stelian Exp $ Changes between versions 0.4b33 and 0.4b34 (released ?????????????????) ======================================================================= @@ -76,6 +76,9 @@ Changes between versions 0.4b33 and 0.4b34 (released ?????????????????) Markus Oberhumer for giving special permission to include his miniLZO project (GPL licensed) in dump/restore. +17. Some small buffer overruns fixes in rmt. Thanks to Antonomasia + for reporting the bugs. + Changes between versions 0.4b32 and 0.4b33 (released February 10, 2003) ======================================================================= diff --git a/rmt/rmt.c b/rmt/rmt.c index e977d95..3bd6207 100644 --- a/rmt/rmt.c +++ b/rmt/rmt.c @@ -37,7 +37,7 @@ #ifndef lint static const char rcsid[] = - "$Id: rmt.c,v 1.24 2003/03/30 15:40:40 stelian Exp $"; + "$Id: rmt.c,v 1.25 2003/03/31 10:09:41 stelian Exp $"; #endif /* not linux */ /* @@ -187,6 +187,8 @@ top: case 'W': getstring(count); n = atoi(count); + if (n < 1) + exit(2); DEBUG2("rmtd: W %s (block = %lu)\n", count, block); record = checkbuf(record, n); for (i = 0; i < n; i += cc) { @@ -417,7 +419,7 @@ void getstring(char *bp) int i; char *cp = bp; - for (i = 0; i < SSIZE; i++) { + for (i = 0; i < SSIZE - 1; i++) { if (read(0, cp+i, 1) != 1) exit(0); if (cp[i] == '\n') -- 2.39.5