Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 142028 Details for
Bug 207926
sys-devel/gcc-config has buffer overflows
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
example of overflow
test.c (text/plain), 1.46 KB, created by
Evan Teran
on 2008-01-28 16:52:21 UTC
(
hide
)
Description:
example of overflow
Filename:
MIME Type:
Creator:
Evan Teran
Created:
2008-01-28 16:52:21 UTC
Size:
1.46 KB
patch
obsolete
> >#define _REENTRANT >#define _GNU_SOURCE > >#define MAXPATHLEN 4096 > >#include <stdio.h> >#include <stdlib.h> >#include <sys/types.h> >#include <sys/stat.h> >#include <sys/param.h> >#include <unistd.h> >#include <sys/wait.h> >#include <libgen.h> >#include <string.h> >#include <stdarg.h> >#include <errno.h> > >/* cut from wrapper-1.5.0.c */ >struct wrapper_data { > char name[MAXPATHLEN + 1]; > char fullname[MAXPATHLEN + 1]; > char bin[MAXPATHLEN + 1]; > char tmp[MAXPATHLEN + 1]; > char *path; >}; > >int main() { > > /* setup test */ > struct wrapper_data d; > struct wrapper_data *data = &d; > > memset(data, 0, sizeof(data)); > > char str[MAXPATHLEN]; > memset(str, 'A', sizeof(str)); > str[MAXPATHLEN] = '\0'; > memset(data->name, 'B', sizeof(data->name)); > data->name[MAXPATHLEN] = '\0'; > > strcpy(data->tmp, "hello world"); > > > > >#define TEST >#ifdef TEST > /* do test, this code was copied directly from the wrapper-1.5.0.c > * lines 218 - 221 > */ > strncpy(data->bin, str, sizeof(data->bin) - 1); > data->bin[strlen(data->bin) - 1] = '/'; > strncat(data->bin, data->name, sizeof(data->bin) - 1); > data->bin[MAXPATHLEN] = 0; >#endif > > /* results */ > printf("strlen(data->name) = %d : should be %d\n", strlen(data->name), 4096); > printf("strlen(data->fullname) = %d : should be %d\n", strlen(data->fullname), 0); > printf("strlen(data->bin) = %d : should be %d\n", strlen(data->bin), 4096); > printf("strlen(data->tmp) = %d : should be %d\n", strlen(data->tmp), 11); > printf("data->path = %p : should be NULL\n", data->path); > >}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 207926
: 142028