From nobody@FreeBSD.org  Tue Oct 22 04:15:49 2002
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A1A6337B404
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 22 Oct 2002 04:15:49 -0700 (PDT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 618E043E4A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 22 Oct 2002 04:15:49 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.6/8.12.6) with ESMTP id g9MBFn7R042505
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 22 Oct 2002 04:15:49 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.6/8.12.6/Submit) id g9MBFnxn042504;
	Tue, 22 Oct 2002 04:15:49 -0700 (PDT)
Message-Id: <200210221115.g9MBFnxn042504@www.freebsd.org>
Date: Tue, 22 Oct 2002 04:15:49 -0700 (PDT)
From: Meadele Mathieu <meadele@nerim.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: libutil: property.c, properties_read() bad boundary check
X-Send-Pr-Version: www-1.0

>Number:         44379
>Category:       kern
>Synopsis:       [libutil] property.c, properties_read() bad boundary check
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 22 04:20:09 PDT 2002
>Closed-Date:    Sat Jul 30 01:20:02 GMT 2005
>Last-Modified:  Sat Jul 30 01:20:02 GMT 2005
>Originator:     Meadele Mathieu
>Release:        4.7-RELEASE
>Organization:
>Environment:
FreeBSD mach3 4.7-STABLE FreeBSD 4.7-STABLE #0: Sat Oct 19 03:14:13 GMT 2002     root@mach3:/usr/obj/usr/src/sys/MACH3  i386     
>Description:
Hi,

There is a bad boundary check in properties_read() when parsing 'name=value'.

I patched property.c and added some corrections:
  - corrected bad boundary check.
  - ignore characters after space unless value is enclosed with brackets.
  - ignore characters after terminating bracket.
  - check for malloc/strdup return value.

The attached patch applies to /usr/src/lib/libutil/property.c
>How-To-Repeat:

Create a file holding a word longer than PROPERTY_MAX_NAME+1 (65) characters.
>Fix:
I submitted a patch.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: arved 
State-Changed-When: Fri Jun 10 13:16:27 GMT 2005 
State-Changed-Why:  
The patch did not make it into the bug tracking system 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44379 
State-Changed-From-To: feedback->closed 
State-Changed-By: kris 
State-Changed-When: Sat Jul 30 01:19:53 GMT 2005 
State-Changed-Why:  
Feedback timeout 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44379 
>Unformatted:
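
The class of check this report describes, as an added example: it is not the submitter's patch (which never reached the tracker) and not libutil's code. It parses one line rather than a file descriptor; `parse_property`, `copy_token`, the return codes, the `{ }` value delimiters and the 512-byte value limit are assumptions of this sketch, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <string.h>

#define PROPERTY_MAX_NAME  64   /* from the report: PROPERTY_MAX_NAME+1 == 65 */
#define PROPERTY_MAX_VALUE 512  /* assumed value limit for this example */

enum { P_OK = 0, P_NAME_TOO_LONG = -1, P_VALUE_TOO_LONG = -2, P_SYNTAX = -3 };

/* Copy bytes from *pp into dst until stop(c) is true or the string ends.
 * The bound is tested BEFORE each store, so dst (cap bytes) never overflows. */
static int copy_token(const char **pp, char *dst, size_t cap, int (*stop)(int))
{
    size_t n = 0;
    const char *p = *pp;
    while (*p != '\0' && !stop((unsigned char)*p)) {
        if (n + 1 >= cap)       /* keep one byte for the terminating NUL */
            return -1;
        dst[n++] = *p++;
    }
    dst[n] = '\0';
    *pp = p;
    return 0;
}

static int name_end(int c)  { return isspace(c) || c == '='; }
static int word_end(int c)  { return isspace(c); }
static int brace_end(int c) { return c == '}'; }

/* Hypothetical helper: parse one "name = value" or "name = { value }" line. */
int parse_property(const char *line, char name[PROPERTY_MAX_NAME + 1],
                   char value[PROPERTY_MAX_VALUE + 1])
{
    const char *p = line;
    while (isspace((unsigned char)*p)) p++;
    if (copy_token(&p, name, PROPERTY_MAX_NAME + 1, name_end) != 0)
        return P_NAME_TOO_LONG; /* over-long word is rejected, not stored */
    while (isspace((unsigned char)*p)) p++;
    if (name[0] == '\0' || *p++ != '=')
        return P_SYNTAX;
    while (isspace((unsigned char)*p)) p++;
    if (*p == '{') {            /* enclosed value may contain spaces */
        p++;
        if (copy_token(&p, value, PROPERTY_MAX_VALUE + 1, brace_end) != 0)
            return P_VALUE_TOO_LONG;
        return *p == '}' ? P_OK : P_SYNTAX; /* text after '}' is ignored */
    }
    /* Unenclosed value ends at the first space; the rest is ignored. */
    if (copy_token(&p, value, PROPERTY_MAX_VALUE + 1, word_end) != 0)
        return P_VALUE_TOO_LONG;
    return P_OK;
}
```

A 64-character name is accepted and a 65-character one returns `P_NAME_TOO_LONG`, which is the boundary the How-To-Repeat input exercises.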
