-
assigned issue to
gethostent_r(3) potentially causes buffer overflow.
Issue #88
closed
after PR/46454 fix, parsing /etc/hosts file by fgetln(3) instead of fgets(3). but misuse of fgetln(3) may causes buffer overflow.
http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=46454
netbsd-5 branch doesn't work name resolution by /etc/hosts . http://releng.netbsd.org/cgi-bin/req-5.cgi?show=1910
netbsd-6 have same problems but still works for the sake of rewriting fgetln(3) by getdelim(3). http://releng.netbsd.org/cgi-bin/req-6.cgi?show=1085
note that pullup request's fix is also insufficient and still have buffer overflow ;-<
Comments (3)
-
reporter -
reporter - changed status to resolved
fixed by <<cset:b5fa89f6c42118e3f93726a17dacdaabe6645148>>.
-
reporter - changed status to closed
- Log in to comment