27848 – cidr crashes because of an incorrect use of strtok

Bug 27848 - cidr crashes because of an incorrect use of strtok

Summary: cidr crashes because of an incorrect use of strtok

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	x86 Linux

Importance:	High minor (vote)
Assignee:	Patrick Kursawe (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-09-03 01:47 UTC by edi
Modified:	2003-09-03 12:58 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
the patched source (cidr.c,10.11 KB, text/plain) 2003-09-03 01:48 UTC, edi	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description edi 2003-09-03 01:47:09 UTC

cidr do malloc the return buffers of strtok, but it's wrong because that func
returns a ptr _into_ the space of the buffer passed.
Obviously it try to do some free(), but they are wrong so we get SIGSEGV.

I patched the source in the correct way.

Reproducible: Always
Steps to Reproduce:
1. emerge cidr
2. cidr 172.16.0.1/17
3. sigsegv

Actual Results:  
you get a segmentation violation error. as i said like 2^32 times.

Expected Results:  
do not segfault and exit correctly.

Comment 1 edi 2003-09-03 01:48:14 UTC

Created attachment 16995 [details]
the patched source

the correct code, i post that on bugs.gentoo.org because the
homepage of the author is down.

Comment 2 Patrick Kursawe (RETIRED) gentoo-dev

2003-09-03 02:32:42 UTC

Thanks for reporting. I recommend running "diff -u old_file new_file" next time, though :-)

Did you already send email to the author?

Comment 3 edi 2003-09-03 12:58:43 UTC

i would make diff -u the next time, but the changes are reduced to like..
4 lines of code, so i submitted the enire patched file.

thanks man