[Nut-upsdev] Stack corruption in newhidups.c
Peter Selinger
selinger at mathstat.dal.ca
Sat Sep 23 01:44:19 UTC 2006
Oops, you are right. Thanks for reporting this. I fixed it now. -- Peter
Herve Masson wrote:
>
> Hi,
>
> (please let me know if there is a better place to submit bugs)
>
> I run a FreeBSD box with stack-protector enabled, which raises a problem
> in the upsdrv_initups() function of the newhidups.c module; the
> regex_array variable is sized one item too small.
>
> Regards,
> Herve Masson
>
> <<<<
> void upsdrv_initups(void)
> {
> int i;
> #ifndef SHUT_MODE
> /*!
> * SHUT is only supported by MGE UPS SYSTEMS units
> * So we don't need the regex mechanism
> */
> int r;
> char *regex_array[5];
> ^^^^^^^^^^^^^^^ => should be 6
>
> /* enforce use of the "vendorid" option if "generic" is given */
> if (testvar("generic") && getval("vendorid")==NULL) {
> fatalx("must specify \"vendorid\" when using \"generic\"");
> }
>
> /* process the UPS selection options */
> regex_array[0] = getval("vendorid");
> regex_array[1] = getval("productid");
> regex_array[2] = getval("vendor");
> regex_array[3] = getval("product");
> regex_array[4] = getval("serial");
> regex_array[5] = getval("bus");
> >>>>>
>
> _______________________________________________
> Nut-upsdev mailing list
> Nut-upsdev at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/nut-upsdev
>
More information about the Nut-upsdev
mailing list