ID | Category | Severity | Reproducibility | Date Submitted | Last Update
0004594 | [BusyBox] Other | minor | always | 08-13-08 17:57 | 08-14-08 14:58
Reporter | cristic | View Status | public
Assigned To | BusyBox
Priority | normal | Resolution | fixed
Status | closed | Product Version | svn
Summary | 0004594: nmeter buffer overflow
Description |
Test case: ./nmeter -

The problem is in nmeter.c:

    776: char buf[32];
    ...
    790: if (open_read_close("version", buf, sizeof(buf)) > 0)
    791:     is26 = (strstr(buf, " 2.4.")==NULL);

At line 790, up to 32 chars are read into buf. If all 32 chars are used, there's no space left for a terminating zero, and strstr will read out-of-bounds memory.

The fix would be to either resize buf or read only up to sizeof(buf)-1 chars, and to terminate buf with a '\0'.

Thanks,
Cristian
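
The second fix proposed in the report (read at most sizeof(buf)-1 bytes, then terminate), shown as an added example; it is not BusyBox code and not the fix that was committed. read_file_str() and is_kernel_26() are hypothetical names built on plain POSIX calls, and the /proc/version default path is an assumption.

```c
/* Added example, not BusyBox code: read_file_str() and is_kernel_26()
 * are hypothetical names built on plain POSIX open/read/close. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Store at most size-1 bytes of the file in buf and always NUL-terminate.
 * Returns the number of bytes stored (terminator excluded), or -1 on error. */
ssize_t read_file_str(const char *path, char *buf, size_t size)
{
    size_t total = 0;
    ssize_t n = 0;
    int fd;

    if (size == 0)
        return -1;
    buf[0] = '\0';                      /* buf is a valid string on every path */
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    while (total < size - 1) {          /* reserve the last byte for '\0' */
        n = read(fd, buf + total, size - 1 - total);
        if (n <= 0)
            break;                      /* EOF or error: keep what was read */
        total += (size_t)n;
    }
    close(fd);
    buf[total] = '\0';                  /* total <= size-1, so this is in bounds */
    return (n < 0 && total == 0) ? -1 : (ssize_t)total;
}

/* The strstr() test from nmeter.c line 791, run on a terminated buffer.
 * Returns 1 if " 2.4." is absent, 0 if present, -1 if nothing was read. */
int is_kernel_26(const char *version_path)
{
    char buf[32];
    if (read_file_str(version_path, buf, sizeof(buf)) <= 0)
        return -1;
    return strstr(buf, " 2.4.") == NULL;
}

int main(int argc, char **argv)
{
    /* Assumption: /proc/version as default input; pass another path to override. */
    const char *path = argc > 1 ? argv[1] : "/proc/version";
    printf("%s: is26=%d\n", path, is_kernel_26(path));
    return 0;
}
```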