From nobody  Tue Jul  7 05:11:52 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA16620;
          Tue, 7 Jul 1998 05:11:52 -0700 (PDT)
          (envelope-from nobody)
Message-Id: <199807071211.FAA16620@hub.freebsd.org>
Date: Tue, 7 Jul 1998 05:11:52 -0700 (PDT)
From: Anders.x.thulin@telia.se
To: freebsd-gnats-submit@freebsd.org
Subject: Buffer overflow in game fish/fish.c
X-Send-Pr-Version: www-1.0

>Number:         7195
>Category:       bin
>Synopsis:       Buffer overflow in game fish/fish.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gnats-admin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul  7 05:20:00 PDT 1998
>Closed-Date:    Wed Jul 8 23:10:03 PDT 1998
>Last-Modified:  Wed Oct 26 05:42:41 GMT 2005
>Originator:     Anders Thulin
>Release:        FreeBSD 2.2.6-RELEASE i386
>Organization:
-
>Environment:
FreeBSD myname.my.domain 2.2.6-RELEASE FreeBSD 2.2.6-RELEASE #0: Wed Mar 25 02:28:49 GMT 1998     jkh@time.cdrom.com:/usr/src/sys/compile/GENERIC  i386

>Description:
User input is read into an automatic buffer sized 256 bytes.
The call to fgets() uses BUFSIZ for length rather than sizeof(buf).

Minor nit: fish.c declares random() privately, hiding the
declaration already included from <stdlib.h>. 

>How-To-Repeat:
Not applicable.  Problem was discovered while linting the code.

>Fix:
136c136
< 		if (fgets(buf, BUFSIZ, stdin) == NULL)
---
> 		if (fgets(buf, sizeof(buf), stdin) == NULL)
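Review bot: sizeof(buf) in the new fgets() call at line 136 is the right bound only while buf is a true array in that scope, as the description's 256-byte automatic buffer implies; the declaration is not visible in this hunk, so confirm buf is not a pointer or parameter there, since sizeof would then give the pointer size. With the read now capped at the buffer size, an input line longer than the buffer leaves its tail in stdin for the next fgets() call, so consider checking for a missing newline in buf and discarding the rest of the line before prompting again.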
403,404d402
< 	long random();
< 
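Review bot: removing the private "long random();" at lines 403-404 depends on fish.c including <stdlib.h>, which the description states but this patch does not show; confirm the include is present and unconditional so every call to random() still sees a declaration. This is a cleanup unrelated to the overflow fix in the first hunk, so it would be clearer to mention it separately in the commit message.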


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Wed Jul 8 23:10:03 PDT 1998 
State-Changed-Why:  
fixed, thanks! 
>Unformatted:
