beacon crashes if the length of the destination exceeds 20
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ax25-tools (Debian) |
Fix Released
|
Unknown
|
|||
ax25-tools (Ubuntu) |
Fix Released
|
Medium
|
Iulian Udrea |
Bug Description
Binary package hint: ax25-tools
The beacon tool crashes if the length of the -d parameter (destination calls and digipeater path) exceeds a length of 20 characters. This seems to happen because the destination path (char *destcall) is copied into addr (char addr[20]) without checking the length. See lines 106 of beacon.c:
...
105 else if (destcall != NULL)
106 strcpy(addr, destcall);
...
Checking the length of destcall before copying should solve the problem:
if (strlen(destcall) > 20) {
fprintf(stderr, "beacon: destination (-d) exceeds allowed length\n");
return 1;
} else
strcpy(addr, destcall);
I'd also propose to increase the length of addr a little since 20 characters seems a little few for longer pathes.
Related branches
- Iulian Udrea: Approve
- Ubuntu branches: Pending requested
-
Diff: 86 lines (+27/-8)3 files modifiedax25/beacon.c (+16/-7)
debian/changelog (+9/-0)
debian/control (+2/-1)
Changed in ax25-tools (Ubuntu): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in ax25-tools (Ubuntu): | |
status: | Confirmed → Fix Committed |
assignee: | nobody → Iulian Udrea (iulian) |
Changed in ax25-tools (Ubuntu): | |
importance: | Undecided → Medium |
Changed in ax25-tools (Debian): | |
status: | Unknown → New |
Changed in ax25-tools (Debian): | |
status: | New → Fix Released |
Report is decriptive enogh to go to dev. This is not really a "bug" but rather an oversight.