diff options
| author |   dim <dim@openbsd.org> | 2007-07-09 16:39:48 +0000 |
|---|---|---|
| committer | dim <dim@openbsd.org> | 2007-07-09 16:39:48 +0000 |
| commit | 8743e97b9d3dde9bd38406e812f834a27aec68a8 (patch) | |
| tree | 0228fdc7af89cb037ca38c1beaac7a287a87a325 /usr.bin/file/file.h | |
| parent | Use -O1 for m68k to work around a gcc optimizer bug (diff) | |
| download | wireguard-openbsd-8743e97b9d3dde9bd38406e812f834a27aec68a8.tar.xz wireguard-openbsd-8743e97b9d3dde9bd38406e812f834a27aec68a8.zip | |
Fix possible heap overflow in file(1), aka CVE-2007-1536.
When writing data into a buffer in the file_printf() function, the
length of the unused portion of the buffer is not correctly tracked,
resulting in a buffer overflow when processing certain files.
Adapted from FreeBSD's SA-07:04.file fix, with ok and some minor
tweaks from canacar@ and ray@.
Diffstat (limited to 'usr.bin/file/file.h')
| -rw-r--r-- | usr.bin/file/file.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.bin/file/file.h b/usr.bin/file/file.h index a02927f4207..d5db648de38 100644 --- a/usr.bin/file/file.h +++ b/usr.bin/file/file.h @@ -1,4 +1,4 @@ -/* $OpenBSD: file.h,v 1.16 2004/05/19 02:32:35 tedu Exp $ */ +/* $OpenBSD: file.h,v 1.17 2007/07/09 16:39:48 dim Exp $ */ /* * Copyright (c) Ian F. Darwin 1986-1995. * Software written by Ian F. Darwin and others; @@ -28,7 +28,7 @@ */ /* * file.h - definitions for file(1) program - * @(#)$Id: file.h,v 1.16 2004/05/19 02:32:35 tedu Exp $ + * @(#)$Id: file.h,v 1.17 2007/07/09 16:39:48 dim Exp $ */ #ifndef __file_h__ @@ -177,7 +177,7 @@ struct magic_set { /* Accumulation buffer */ char *buf; char *ptr; - size_t len; + size_t left; size_t size; /* Printable buffer */ char *pbuf; |