homemade fix for recent bash buf OF

From: Andrey Alekseyev (fetchat_private)
Date: Fri Oct 30 1998 - 12:10:51 PST

    Hello,
    
    Having recently got an extremely high anxiety about the buffer overflow
    in present bash versions (that case with PS1 and rl_redisplay in
    lib/readline/display.c), I developed a small patch for myself (below).
    It seems to be functional, although it produces a slightly strange
    effect when setting a very long PS1 (no prompt at all :), but no
    fault either).
    So, the patch itself (bash version is 2.02.1):
    
    --- display.c.orig      Tue Jun 30 20:09:32 1998
    +++ display.c   Fri Oct 30 22:56:50 1998
    @@ -373,8 +373,11 @@
    
           if (local_len > 0)
            {
    -         strncpy (line + out, local_prompt, local_len);
    -         out += local_len;
    +         if ((out + local_len) < line_size)
    +         {
    +              strncpy (line + out, local_prompt, local_len);
    +              out += local_len;
    +         }
            }
           line[out] = '\0';
           wrap_offset = local_len - visible_length;
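
Review bot: wrap_offset is still set to local_len - visible_length on the line after this block even when the new check fails and nothing was copied, so the redisplay state then describes a prompt that is not in line. When (out + local_len) >= line_size, either reset the length used for wrap_offset to match what was actually copied, or enlarge line before the strncpy instead of skipping it, which would also avoid the missing-prompt effect mentioned in the message. The added braces also sit at the same column as the if, while the surrounding code indents them under it.
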
    @@ -399,8 +402,11 @@
            }
    
           pmtlen = strlen (prompt_this_line);
    -      strncpy (line + out,  prompt_this_line, pmtlen);
    -      out += pmtlen;
    +      if ((out + pmtlen) < line_size)
    +      {
    +          strncpy (line + out,  prompt_this_line, pmtlen);
    +          out += pmtlen;
    +      }
           line[out] = '\0';
           wrap_offset = 0;
         }
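
Review bot: the check on (out + pmtlen) < line_size is all or nothing, so a prompt_this_line that is one byte too long is dropped entirely and line is terminated with no prompt text at all. Copying at most line_size - out - 1 bytes and advancing out by that amount would keep the write in bounds and still show a truncated prompt. This is the same test as in the first hunk with a different source and length; a small helper taking the source pointer and length would keep the two sites from drifting apart.
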
    
    --
    =fetch
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:47 PDT