You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 lines
1022 B
Diff
31 lines
1022 B
Diff
From 858976b1fc3107f1261aae337831959b511b83c2 Mon Sep 17 00:00:00 2001
|
|
From: Paul Mackerras <paulus@ozlabs.org>
|
|
Date: Sat, 4 Jan 2020 12:01:32 +1100
|
|
Subject: [PATCH] radius: Prevent buffer overflow in rc_mksid()
|
|
|
|
On some systems getpid() can return a value greater than 65535.
|
|
Increase the size of buf[] to allow for this, and use slprintf()
|
|
to make sure we never overflow it.
|
|
|
|
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
|
|
---
|
|
pppd/plugins/radius/util.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/pppd/plugins/radius/util.c b/pppd/plugins/radius/util.c
|
|
index 6f976a712951..740131e8377c 100644
|
|
--- a/pppd/plugins/radius/util.c
|
|
+++ b/pppd/plugins/radius/util.c
|
|
@@ -73,9 +73,9 @@ void rc_mdelay(int msecs)
|
|
char *
|
|
rc_mksid (void)
|
|
{
|
|
- static char buf[15];
|
|
+ static char buf[32];
|
|
static unsigned short int cnt = 0;
|
|
- sprintf (buf, "%08lX%04X%02hX",
|
|
+ slprintf(buf, sizeof(buf), "%08lX%04X%02hX",
|
|
(unsigned long int) time (NULL),
|
|
(unsigned int) getpid (),
|
|
cnt & 0xFF);
|