diff options
Diffstat (limited to 'package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch')
-rw-r--r-- | package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch b/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch new file mode 100644 index 0000000000..1c5722e6dd --- /dev/null +++ b/package/network/services/ppp/patches/700-radius-Prevent-buffer-overflow-in-rc_mksid.patch @@ -0,0 +1,30 @@ +From 858976b1fc3107f1261aae337831959b511b83c2 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras <paulus@ozlabs.org> +Date: Sat, 4 Jan 2020 12:01:32 +1100 +Subject: [PATCH] radius: Prevent buffer overflow in rc_mksid() + +On some systems getpid() can return a value greater than 65535. +Increase the size of buf[] to allow for this, and use slprintf() +to make sure we never overflow it. + +Signed-off-by: Paul Mackerras <paulus@ozlabs.org> +--- + pppd/plugins/radius/util.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pppd/plugins/radius/util.c b/pppd/plugins/radius/util.c +index 6f976a712951..740131e8377c 100644 +--- a/pppd/plugins/radius/util.c ++++ b/pppd/plugins/radius/util.c +@@ -73,9 +73,9 @@ void rc_mdelay(int msecs) + char * + rc_mksid (void) + { +- static char buf[15]; ++ static char buf[32]; + static unsigned short int cnt = 0; +- sprintf (buf, "%08lX%04X%02hX", ++ slprintf(buf, sizeof(buf), "%08lX%04X%02hX", + (unsigned long int) time (NULL), + (unsigned int) getpid (), + cnt & 0xFF); |