[Midnightbsd-cvs] src: strfmon.c: Fix an integer overflow in the GET_NUMBER macro.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Apr 3 13:43:57 EDT 2008
Log Message:
-----------
Fix an integer overflow in the GET_NUMBER macro.
Found in http://secunia.com/cve_reference/CVE-2008-1391/
Modified Files:
--------------
src/lib/libc/stdlib:
strfmon.c (r1.2 -> r1.3)
-------------- next part --------------
Index: strfmon.c
===================================================================
RCS file: /home/cvs/src/lib/libc/stdlib/strfmon.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L lib/libc/stdlib/strfmon.c -L lib/libc/stdlib/strfmon.c -u -r1.2 -r1.3
--- lib/libc/stdlib/strfmon.c
+++ lib/libc/stdlib/strfmon.c
@@ -1,4 +1,4 @@
-/*-
+/* strfmon.c,v 1.4 2006/03/19 01:50:49 christos Exp */
* Copyright (c) 2001 Alexey Zelkin <phantom at FreeBSD.org>
* All rights reserved.
*
@@ -63,10 +63,15 @@
} while (0)
#define GET_NUMBER(VAR) do { \
- VAR = 0; \
+ int ovar; \
+ ovar = VAR = 0; \
while (isdigit((unsigned char)*fmt)) { \
VAR *= 10; \
VAR += *fmt - '0'; \
+ if (ovar > VAR) \
+ goto e2big_error; \
+ else \
+ ovar = VAR; \
fmt++; \
} \
} while (0)
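Review bot: The overflow check added at `if (ovar > VAR)` runs only after `VAR *= 10; VAR += *fmt - '0';` has already overflowed, and signed overflow is undefined behaviour in C, so a compiler is entitled to assume it never happens and drop the comparison; even under wrap-around semantics the test is incomplete, since for a 32-bit int a running value of 500000000 followed by one more digit wraps to 705032704 (constructed example), which is larger than ovar and so passes the check. The bound should be tested before the arithmetic: replace the multiply, add and compare with `if (VAR > (INT_MAX - (*fmt - '0')) / 10) goto e2big_error;` followed by `VAR = VAR * 10 + (*fmt - '0');`, which also makes `ovar` unnecessary. This assumes VAR is an int and that `<limits.h>` is included by the file; both are outside the hunk, as is the `e2big_error` label the macro jumps to.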