[ECOS] redboot's gets() buffer overflow

[ECOS] redboot's gets() buffer overflow

[Robin Farine]

Hi,

The gets() routine in redboot/current/src/io.c does not make use of its buflen
argument. I propose that the routine returns buflen when it reaches the end of
the buffer (this matches the routine's comment but could break some client code
that only check for _GETS_OK):

2001-04-12  Robin Farine  <acnrf@dial.eunet.ch>

	* src/io.c (gets): Checks for buffer overflow and returns buflen
	if it reaches the end of the buffer.

-------------------------<snip>-----------------------------------------
Index: io.c
===================================================================
RCS file: /usr/cvs/eCos/base/packages/redboot/current/src/io.c,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -r1.1.1.2 -r1.3
259a260,261
> 	if (ptr == buf + buflen)
> 	  return buflen;
-------------------------<snip>-----------------------------------------

Robin

Re: [ECOS] redboot's gets() buffer overflow

[Jonathan Larmour]

Robin Farine wrote:
> 
> Hi,
> 
> The gets() routine in redboot/current/src/io.c does not make use of its buflen
> argument.

Thanks - I've checked this in along with a change for main.c to make sure
it deals with it correctly.

Jifl
-- 
Red Hat, Rustat House, Clifton Road, Cambridge, UK. Tel: +44 (1223) 271062
Maybe this world is another planet's Hell -Aldous Huxley || Opinions==mine