Project

General

Profile

Actions

Bug #9599

closed

Buffer overflow in usr/src/lib/libsocket/inet/ruserpass.c

Added by Thomas Barabosch almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
lib - userland libraries
Start date:
2018-06-14
Due date:
% Done:

100%

Estimated time:
0.00 h
Difficulty:
Bite-size
Tags:
Gerrit CR:
External Bug:

Description

There is a potential buffer overflow in usr/src/lib/libsocket/inet/ruserpass.c. One should not blindly trust environment variables:
hdir = getenv("HOME");
if (hdir == NULL)
hdir = ".";
(void) sprintf(buf, "%s/.netrc", hdir);

The patch is trivial, just use snprintf.


Files

ruserpass.c.patch (377 Bytes) ruserpass.c.patch Thomas Barabosch, 2018-06-14 09:23 AM
ruserpass.c.patch (371 Bytes) ruserpass.c.patch Thomas Barabosch, 2018-06-14 09:26 AM
Actions #1

Updated by Thomas Barabosch almost 5 years ago

Sorry, there were whitespaces instead of tabs in the patch. Fixed that.

BTW this bug was fixed in 1997 in FreeBSD (github mirror: e5d10bdc2e49726df5f9f4de7b68c37c1235a234)

Actions #2

Updated by Toomas Soome almost 5 years ago

  • Status changed from New to In Progress
  • Assignee set to Toomas Soome
  • % Done changed from 0 to 90
  • Difficulty changed from Medium to Bite-size
  • Tags deleted (needs-triage)
Actions #3

Updated by Toomas Soome almost 5 years ago

Thomas Barabosch wrote:

There is a potential buffer overflow in usr/src/lib/libsocket/inet/ruserpass.c. One should not blindly trust environment variables:
hdir = getenv("HOME");
if (hdir == NULL)
hdir = ".";
(void) sprintf(buf, "%s/.netrc", hdir);

The patch is trivial, just use snprintf.

https://www.illumos.org/rb/r/1106/

Actions #4

Updated by Electric Monk almost 5 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

git commit 00f1a4f432b3d8aad1aa270e91c44c57f03ef407

commit  00f1a4f432b3d8aad1aa270e91c44c57f03ef407
Author: Toomas Soome <tsoome@me.com>
Date:   2018-07-09T16:33:58.000Z

    9599 Buffer overflow in usr/src/lib/libsocket/inet/ruserpass.c
    Reviewed by: Yuri Pankov <yuripv@yuripv.net>
    Reviewed by: Andy Fiddaman <af@citrus-it.net>
    Reviewed by: Igor Kozhukhov <igor@dilos.org>
    Reviewed by: Ken Mays <kmays2000@gmail.com>
    Approved by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>

Actions

Also available in: Atom PDF