ID | Category | Severity | Reproducibility | Date Submitted | Last Update
0000939 | [BusyBox] Other | minor | always | 07-10-06 04:14 | 09-30-06 14:05
Reporter | bcg | View Status | public
Assigned To | BusyBox
Priority | normal | Resolution | fixed
Status | closed | Product Version | svn
Summary | 0000939: dpkg has one buffer overflow and one access to free'd memory
Description |
SVN 15217 breaks dpkg. It has:

    info_prefix = bb_xasprintf("/var/lib/dpkg/info/%s.", package_name);

...but later on the same function (unpack_package):

    strcat(info_prefix, "list");

Old version was ok:

    info_prefix = (char *) xmalloc(strlen(package_name) + 20 + 4 + 2);
    sprintf(info_prefix, "/var/lib/dpkg/info/%s.", package_name);

There's also another bug in dpkg: If I update from foo-42-1.deb to foo-42-2.deb, dpkg accesses free'd memory.

Attached is a patch to both bugs.
Attached Files | dpkg.patch (1,116 bytes) 07-10-06 04:14
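
The overflow described in the report, as an added example (not BusyBox code and not the attached patch): it measures how far strcat() would write past a buffer sized exactly for the formatted prefix, next to one way to build the path without appending in place. `exact_asprintf`, `overflow_bytes` and `info_path` are hypothetical names, and the package name `foo` is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an asprintf-style helper: allocates exactly
 * strlen(result) + 1 bytes and reports that size through *cap. */
static char *exact_asprintf(size_t *cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);      /* length only, no write */
    va_end(ap);
    if (n < 0) return NULL;
    char *buf = malloc((size_t)n + 1);
    if (!buf) return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)n + 1, fmt, ap);
    va_end(ap);
    *cap = (size_t)n + 1;
    return buf;
}

/* Bytes by which strcat(info_prefix, suffix) would pass the allocation. */
size_t overflow_bytes(const char *package_name, const char *suffix)
{
    size_t cap = 0;
    char *info_prefix = exact_asprintf(&cap, "/var/lib/dpkg/info/%s.", package_name);
    if (!info_prefix) return 0;
    size_t need = strlen(info_prefix) + strlen(suffix) + 1;
    free(info_prefix);                        /* measured only, never appended to */
    return need > cap ? need - cap : 0;
}

/* Safer form: format each full path in one allocation; caller frees. */
char *info_path(const char *package_name, const char *suffix)
{
    size_t cap = 0;
    return exact_asprintf(&cap, "/var/lib/dpkg/info/%s.%s", package_name, suffix);
}

int main(void)
{
    char *p = info_path("foo", "list");       /* constructed package name */
    printf("strcat would overflow by %zu bytes; safe path: %s\n",
           overflow_bytes("foo", "list"), p ? p : "(alloc failed)");
    free(p);
    return 0;
}
```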