Hi,
this fixes an overwrite of spcl.c_addr. Taken form FreeBSD.
See https://marc.info/?l=openbsd-misc&m=160018252418088&w=2
-Otto
Index: tape.c
===
RCS file: /cvs/src/sbin/dump/tape.c,v
retrieving revision 1.45
diff -u -p
Hi,
until now, canary bytes (used by the C olption) were the same as the
bytes used to junk (0xfd). This means that certain overwrites are not
detected, like setting the high bit.
This makes the byte value used to write canaries random. I do not want
to complicate the code to handle all combina
This allows e.g. a sequence of clients to have 2-way conversations.
Prior to this, server standard input was effectively discarded.
-k -l -u -v reports each time a message comes from a different client
than that from which the previous message came.
Signed-off-by: Duncan Roe
---
usr.bin/nc/net
'nitems()' calculates the length of an array in number of items.
It is safe: if a pointer is passed to the macro (or function, in C++),
the compilation is broken due to:
- In >= C11: _Static_assert()
- In C89, C99: Negative anonymous bitfield
- In C++: The template requires an array
This patch
Copy with uiomove(9) the correct size of the descriptor and not a random
value from the stack. This is Coverity CID 1497167.
As I understand it there's no security impact as the size is always
caped by `ufd_size' however the returned descriptor might be corrupted
and this can explain why userland