
Bug#453899: ether_line returns far too much



Package: libc6
Version: 2.6.1-1+b1

I'm convinced this is an upstream bug, but the glibc upstream bug
reporting page is about as snarly as any I've ever seen, and insists I
report it to you instead.

Here's a test program:

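#include <netinet/ether.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(void)
{
        struct ether_addr addr;
        char hostname[1024];
        /* Map the "ethers" file so the whole file is visible behind one pointer. */
        int fd = open("ethers", O_RDONLY);
        if (fd < 0) {
                perror("open");
                return 1;
        }
        const char *ethers = mmap(NULL, 100000, PROT_READ, MAP_SHARED, fd, 0);
        if (ethers == MAP_FAILED) {
                perror("mmap");
                return 1;
        }

        /* Parse one line of the mapped file into addr and hostname. */
        ether_line(ethers, &addr, hostname);

        printf("%s\n", hostname);

        return 0;
}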

And here's the data file (i.e. "ethers") I run it against:

00:16:35:4b:ca:eb       charming
00:30:6e:1b:6f:2c       fozzie
00:30:6e:38:2a:29       rowlf
00:30:6e:1e:6e:65       animal
# honeydew wireless (HP 11b card)
00:02:2d:1d:d7:f2       honeydew-wb
# honeydew wireless (3com 11g card)
00:12:a9:d1:8b:1f       honeydew-wg
# honeydew tethered
08:00:46:77:c2:53       honeydew

Here's what MacOS X prints:

charming

Here's what glibc prints:

charming
00:30:6e:1b:6f:2c       fozzie
00:30:6e:38:2a:29       rowlf
00:30:6e:1e:6e:65       animal

Clearly it stops at the first #, not at the end of line.

This is a severe bug as it can lead to overrunning the 'hostname' buffer.

-- 
Intel are signing my paycheques ... these opinions are still mine
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours.  We can't possibly take such
a retrograde step."
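
An added example, not part of the original report and not glibc code: a bounded parser for one ethers record that ends the record at the newline, treats '#' as a comment within that line only, and rejects a host name that does not fit the caller's buffer. The name `parse_ethers_line`, its return codes and the 256-byte line limit are assumptions of this example; `SAMPLE` is constructed from the data file above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: first records of the "ethers" file in the report. */
static const char SAMPLE[] =
    "00:16:35:4b:ca:eb       charming\n"
    "00:30:6e:1b:6f:2c       fozzie\n"
    "# honeydew wireless (HP 11b card)\n";

/* Parse only the first line of buf (buflen bytes, NUL not required).
 * Returns 0 on success, -1 for a malformed or overlong line, -2 when the
 * host name does not fit in host[hostlen]. Outputs are untouched on error. */
int parse_ethers_line(const char *buf, size_t buflen,
                      unsigned char mac[6], char *host, size_t hostlen)
{
    char line[256];                 /* assumed upper bound for one record */
    unsigned int b[6];
    int used = 0;
    /* The record ends at the first newline or at the end of the buffer. */
    const char *nl = memchr(buf, '\n', buflen);
    size_t linelen = nl ? (size_t)(nl - buf) : buflen;
    if (linelen >= sizeof line) return -1;
    memcpy(line, buf, linelen);
    line[linelen] = '\0';
    line[strcspn(line, "#")] = '\0';    /* a comment ends this line only */
    if (sscanf(line, " %2x:%2x:%2x:%2x:%2x:%2x%n", &b[0], &b[1], &b[2],
               &b[3], &b[4], &b[5], &used) != 6)
        return -1;
    /* Host name: the blank-delimited token that follows the address. */
    const char *p = line + used;
    size_t n = 0;
    while (isspace((unsigned char)*p)) p++;
    while (p[n] && !isspace((unsigned char)p[n])) n++;
    if (p == line + used || n == 0) return -1;  /* no separator or no name */
    if (n >= hostlen) return -2;                /* refuse, never truncate */
    memcpy(host, p, n);
    host[n] = '\0';
    for (int i = 0; i < 6; i++) mac[i] = (unsigned char)b[i];
    return 0;
}

int main(void)
{
    unsigned char mac[6]; char host[16];
    int rc = parse_ethers_line(SAMPLE, sizeof SAMPLE - 1, mac, host, sizeof host);
    printf("%d %s\n", rc, rc == 0 ? host : "-");
    return 0;
}
```

Passing the buffer length explicitly means the parser never depends on the mapped file being NUL-terminated, and the explicit `hostlen` lets the caller size the destination instead of guessing.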



