 Relationships |
|
| Anonymous | Login | Signup for a new account | 11-10-2008 10:58 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0000742 | [BusyBox] Security | minor | always | 02-19-06 12:54 | 02-20-06 02:31 | ||||
| Reporter | rfelker | View Status | public | ||||||
| Assigned To | BusyBox | ||||||||
| Priority | normal | Resolution | no change required | ||||||
| Status | closed | Product Version | 1.01 | ||||||
| Summary | 0000742: unterminated string in libbb/login.c | ||||||||
| Description |
In print_login_prompt, buf is not terminated if gethostname uses the full buffer (the extra byte allocated for the terminating null is left uninitialized). (SuSv3 does not require NULL termination by gethostname in the case where the full buffer is used.) Also, HOST_NAME_MAX (portable, from limits.h) should be used instead of MAXHOSTNAMELEN (nonportable, from sys/param.h). |
||||||||
| Additional Information |
In theory hostname may be set by a DHCP server, which may be a malicious remote attacker. Thus this is a security issue. Most likely it's at most DoS, but should be fixed anyway. |
||||||||
| Attached Files | |||||||||
|
|
|||||||||
|
Relationships |
|
|
Notes |
|
|
(0001119) vapier 02-19-06 15:03 |
fixed in svn |
|
(0001120) vodz 02-20-06 02:30 |
http://www.unix.org/single_unix_specification/ [^] The gethostname() function shall return the standard host name for the current machine. The namelen argument shall specify the size of the array pointed to by the name argument. The returned name shall be null-terminated, except that if namelen is an insufficient length to hold the host name, then the returned name shall be truncated and it is unspecified whether the returned name is null-terminated. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 02-19-06 12:54 | rfelker | New Issue | |
| 02-19-06 12:54 | rfelker | Status | new => assigned |
| 02-19-06 12:54 | rfelker | Assigned To | => BusyBox |
| 02-19-06 15:03 | vapier | Note Added: 0001119 | |
| 02-19-06 15:03 | vapier | Status | assigned => closed |
| 02-19-06 15:03 | vapier | Resolution | open => fixed |
| 02-20-06 02:30 | vodz | Status | closed => feedback |
| 02-20-06 02:30 | vodz | Resolution | fixed => reopened |
| 02-20-06 02:30 | vodz | Note Added: 0001120 | |
| 02-20-06 02:31 | vodz | Status | feedback => closed |
| 02-20-06 02:31 | vodz | Resolution | reopened => no change required |
| Copyright © 2000 - 2006 Mantis Group |  |
