[Nut-upsdev] Stack corruption in newhidups.c

Herve Masson herve-oss at mindstep.com
Fri Sep 22 14:53:38 UTC 2006


Hi,

(please let me know if there is a better place to submit bugs)

I run a FreeBSD box with stack-protector enabled, which raises a problem
in the upsdrv_initups() function of the newhidups.c module; the
regex_array variable is sized one item too small.

Regards,
Herve Masson

<<<<
void upsdrv_initups(void)
{
     int i;
#ifndef SHUT_MODE
     /*!
      * SHUT is only supported by MGE UPS SYSTEMS units
      * So we don't need the regex mechanism
      */
     int r;
     char *regex_array[5];
          ^^^^^^^^^^^^^^^ => should be 6

     /* enforce use of the "vendorid" option if "generic" is given */
     if (testvar("generic") && getval("vendorid")==NULL) {
         fatalx("must specify \"vendorid\" when using \"generic\"");
     }

         /* process the UPS selection options */
     regex_array[0] = getval("vendorid");
     regex_array[1] = getval("productid");
     regex_array[2] = getval("vendor");
     regex_array[3] = getval("product");
     regex_array[4] = getval("serial");
     regex_array[5] = getval("bus");
 >>>>>
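
An added example, not part of the original message or of the NUT source: one way to keep this kind of off-by-one from recurring is to size the array from the option table itself and pass the length to the code that fills it. demo_getval() and sample_conf are constructed stand-ins for the driver's getval() and its configuration, and fill_regex_array() is a hypothetical helper.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Selection options, in the order the message lists them. */
static const char *const selection_opts[] = {
    "vendorid", "productid", "vendor", "product", "serial", "bus"
};
#define N_SELECTION_OPTS (sizeof selection_opts / sizeof selection_opts[0])

/* The array in the message had 5 slots for these 6 options. */
_Static_assert(N_SELECTION_OPTS == 6, "review callers if the option list changes");

/* Constructed stand-in for the driver's getval(): looks up "name=value"
 * pairs in a fixed table and returns NULL when the option is unset. */
static const char *const sample_conf[] = { "vendorid=1234", "bus=002", NULL };

static char *demo_getval(const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; sample_conf[i] != NULL; i++) {
        if (strncmp(sample_conf[i], name, n) == 0 && sample_conf[i][n] == '=')
            return (char *)sample_conf[i] + n + 1;
    }
    return NULL;
}

/* Hypothetical helper: fill out[] from the option table. A short array
 * becomes an error return instead of a write past the end of the stack slot. */
static int fill_regex_array(char *out[], size_t out_len)
{
    if (out_len < N_SELECTION_OPTS)
        return -1;
    for (size_t i = 0; i < N_SELECTION_OPTS; i++)
        out[i] = demo_getval(selection_opts[i]);
    return (int)N_SELECTION_OPTS;
}

int main(void)
{
    char *regex_array[N_SELECTION_OPTS];   /* size follows the table */
    char *too_small[5];                    /* the size quoted in the message */

    printf("short array -> %d\n", fill_regex_array(too_small, 5));
    printf("sized array -> %d\n", fill_regex_array(regex_array, N_SELECTION_OPTS));
    printf("bus = %s\n", regex_array[5] ? regex_array[5] : "(unset)");
    return 0;
}
```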


