[<prev] [next>] [thread-next>] [month] [year] [list]
Date: Tue, 25 Feb 2003 07:42:40 +0300
From: Solar Designer <solar@...nwall.com>
To: xvendor@...ts.openwall.com
Subject: zlib gzprintf() patch
Hi,
Just thought I'd share the tiny patch that went into Owl. Attached.
The lack of configure checking for vsnprintf() is intentional (I want
this to not compile without a vsnprintf() anyway).
The Owl change log entry is:
2003/02/25 Package: zlib
Corrected a potential buffer overflow in gzprintf(), thanks to Bugtraq
postings by Crazy Einstein, Richard Kettlewell, and Carlo Marcelo
Arenas Belon.
--
/sd
diff -ur zlib-1.1.4.orig/gzio.c zlib-1.1.4/gzio.c
--- zlib-1.1.4.orig/gzio.c Mon Mar 11 16:16:01 2002
+++ zlib-1.1.4/gzio.c Tue Feb 25 07:08:36 2003
@@ -529,14 +529,9 @@
int len;
va_start(va, format);
-#ifdef HAS_vsnprintf
- (void)vsnprintf(buf, sizeof(buf), format, va);
-#else
- (void)vsprintf(buf, format, va);
-#endif
+ len = vsnprintf(buf, sizeof(buf), format, va);
va_end(va);
- len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
- if (len <= 0) return 0;
+ if (len <= 0 || len >= sizeof(buf)) return 0;
return gzwrite(file, buf, (unsigned)len);
}
@@ -552,15 +547,9 @@
char buf[Z_PRINTF_BUFSIZE];
int len;
-#ifdef HAS_snprintf
- snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
+ len = snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
-#else
- sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
- a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
-#endif
- len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */
- if (len <= 0) return 0;
+ if (len <= 0 || len >= sizeof(buf)) return 0;
return gzwrite(file, buf, len);
}
Please check out the
xvendor mailing list charter.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux