 Relationships |
|
| Anonymous | Login | Signup for a new account | 11-10-2008 12:40 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004594 | [BusyBox] Other | minor | always | 08-13-08 17:57 | 08-14-08 14:58 | ||||
| Reporter | cristic | View Status | public | ||||||
| Assigned To | BusyBox | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | svn | ||||||
| Summary | 0004594: nmeter buffer overflow | ||||||||
| Description |
Test case: ./nmeter - The problem in in nmeter.c: 776: char buf[32]; ... 790: if (open_read_close("version", buf, sizeof(buf)) > 0) 791: is26 = (strstr(buf, " 2.4.")==NULL); At line 790, up to 32 chars are read into buf. If all 32 chars are used, there's no space left for a terminating zero, and strstr will read out-of-bounds memory. The fix would be to either resize buf or read only up to sizeof(buf)-1 char, and to terminate buf with a '\0'. Thanks, Cristian |
||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
|
Relationships |
|
|
Notes |
|
|
(0010434) vda 08-14-08 14:58 |
fixed in rev 23078, thanks |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 08-13-08 17:57 | cristic | New Issue | |
| 08-13-08 17:57 | cristic | Status | new => assigned |
| 08-13-08 17:57 | cristic | Assigned To | => BusyBox |
| 08-14-08 14:58 | vda | Status | assigned => closed |
| 08-14-08 14:58 | vda | Note Added: 0010434 | |
| 08-14-08 14:58 | vda | Resolution | open => fixed |
| 08-14-08 14:58 | vda | Fixed in Version | => svn |
| Copyright © 2000 - 2006 Mantis Group |  |
