From nobody  Fri Apr 10 08:30:03 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA27846;
          Fri, 10 Apr 1998 08:30:03 -0700 (PDT)
          (envelope-from nobody)
Message-Id: <199804101530.IAA27846@hub.freebsd.org>
Date: Fri, 10 Apr 1998 08:30:03 -0700 (PDT)
From: fetch@arcadia.spb.ru
To: freebsd-gnats-submit@freebsd.org
Subject: Inaccurate allocation of temporary buffer for warning output in ip_input.c
X-Send-Pr-Version: www-1.0

>Number:         6263
>Category:       kern
>Synopsis:       Inaccurate allocation of temporary buffer for warning output in ip_input.c
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 10 08:40:01 PDT 1998
>Closed-Date:    Fri Apr 10 08:57:00 PDT 1998
>Last-Modified:  Fri Apr 10 09:10:01 PDT 1998
>Originator:     Andrey Alekseyev
>Release:        2.2.2-RELEASE
>Organization:
Arcadia, Inc.
>Environment:
FreeBSD muffin.arcadia.spb.ru 2.2.2-RELEASE FreeBSD 2.2.2-RELEASE #0:
Thu Apr  9 16:13:27 MSD 1998     fetch@muffin.arcadia.spb.ru:/usr/src/
sys/compile/MUFFIN_IPFIL  i386
>Description:
I thought it would be useful to point to some inaccuracy in
netinet/ip_input.c. When handling ip source routing, if
not ip.sourceroute option is set a warning is written to
log "attempted source route from .. to ..". A temporary buffer
allocated as buf[4*sizeof "123"] is used to print destination ip and
is filled as following strcpy(buf, inet_ntoa(ip->ip_dst));. I think using sizeof "123." would be much more correct in this case.
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: wollman 
State-Changed-When: Fri Apr 10 08:57:00 PDT 1998 
State-Changed-Why:  
Not a problem. 

From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: fetch@arcadia.spb.ru
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: kern/6263: Inaccurate allocation of temporary buffer for warning output in ip_input.c
Date: Fri, 10 Apr 1998 11:57:59 -0400 (EDT)

 <<On Fri, 10 Apr 1998 08:30:03 -0700 (PDT), fetch@arcadia.spb.ru said:
 
 > log "attempted source route from .. to ..". A temporary buffer
 > allocated as buf[4*sizeof "123"] is used to print destination ip and
 > is filled as following strcpy(buf, inet_ntoa(ip->ip_dst));. I think using sizeof "123." would be much more correct in this case.
 
 No, that would allocate a buffer four bytes longer than needed.
 
 -GAWollman
 
 --
 Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
 wollman@lcs.mit.edu  | O Siem / The fires of freedom 
 Opinions not those of| Dance in the burning flame
 MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
>Unformatted:
