2006-04-10 NeilBrown <neilb@suse.de>

Various paranoia checks: gssd_proc.c: pass max_field sizes to sscanf to avoid buffer overflow svcgssd_proc.c: range_check name.length, to ensure name.length+1 doesn't wrap idmapd.c(nfsdcb): make sure at least one byte is read before zeroing the last byte that was read, otherwise memory corruption is possible. Found by SuSE security audit.
author: neilbrown <neilbrown> 2006-04-10 09:57:17 +0000
committer: neilbrown <neilbrown> 2006-04-10 09:57:17 +0000
commit: 660809fe7e597520d17deab9225f1b371c08d65c (patch)
tree: b0da1b809f0f3ca6fac54b662486440998f9cea3 /utils/gssd/gssd_proc.c
parent: aa2d7a1e352a6c2190452ebc3c638b66a2cf6f9b (diff)
download: nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.tar.gz
nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.tar.xz
nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index bac0520..75a04f5 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -127,10 +127,10 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
 		goto fail;
 	close(fd);
 
-	numfields = sscanf(buf,"RPC server: %s\n"
-		   "service: %s %s version %s\n"
-		   "address: %s\n"
-		   "protocol: %s\n",
+	numfields = sscanf(buf,"RPC server: %127s\n"
+		   "service: %127s %15s version %15s\n"
+		   "address: %127s\n"
+		   "protocol: %15s\n",
 		   dummy,
 		   service, program, version,
 		   address,
author	neilbrown <neilbrown>	2006-04-10 09:57:17 +0000
committer	neilbrown <neilbrown>	2006-04-10 09:57:17 +0000
commit	660809fe7e597520d17deab9225f1b371c08d65c (patch)
tree	b0da1b809f0f3ca6fac54b662486440998f9cea3 /utils/gssd/gssd_proc.c
parent	aa2d7a1e352a6c2190452ebc3c638b66a2cf6f9b (diff)
download	nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.tar.gz nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.tar.xz nfs-utils-660809fe7e597520d17deab9225f1b371c08d65c.zip