bug-commoncpp

Re: [BUG] [PATCH] Buffer Overflow in Keydata::loadPrefix()


From: David Sugar
Subject: Re: [BUG] [PATCH] Buffer Overflow in Keydata::loadPrefix()
Date: Wed, 8 Jan 2003 00:04:15 -0500
User-agent: KMail/1.4.3

I think this is fine.

On Monday 06 January 2003 14:08, Federico Montesino Pouzols wrote:
> I would say that replacing strcpy with strncpy here will
> prevent some crashes. Is there any objection to including this patch
> upstream?
>
> On Sat, Jan 04, 2003 at 12:33:27PM +0100, Gernot Hillier wrote:
> > Hi!
> >
> > I stumbled over a very dangerous code part in CommonC++ in the KeyData
> > implementation:
> >
> > void Keydata::loadPrefix(const char *pre, const char *keypath, const char *environment)
> > {
> > [...]
> >         if(*keypath == '~')
> >         {
> >                 prefix = getenv("HOME");
> >                 strcpy(path, prefix);
> >                 strcat(path, "/.");
> >                 ++keypath;
> >         }
> > [...]
> >
> > This is a classical buffer overflow (use an environment variable, rely on
> > its length and copy it to an internal buffer).
> >
> > I tried to fix it for the time being - but I don't actually know the
> > class as I don't use it. Please triple-check my fixes - they're untested
> > and I haven't read the complete code of keydata.cpp!
> >
> > So please see my patch just as a suggestion. I'll attach it...
> >
> > --
> > Bye,
> >
> > Gernot
> >
> >
> > _______________________________________________
> > Bug-commoncpp mailing list
> > address@hidden
> > http://mail.gnu.org/mailman/listinfo/bug-commoncpp
>
> _______________________________________________
> Bug-commoncpp mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/bug-commoncpp
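
A bounded version of the `~` expansion quoted above, as an added example that is not part of the original messages, the attached patch, or CommonC++. The helper name `expand_keypath`, the caller-supplied buffer size, and the assumption that the rest of `keypath` is appended after `"/."` are all hypothetical.

```c
#define _POSIX_C_SOURCE 200112L   /* for setenv() in the demo main() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not CommonC++ code): expand a leading '~' in keypath
 * to "$HOME/." followed by the rest of keypath, writing into path[size].
 * Returns 0 on success, -1 if HOME is unset/empty or the result does not fit.
 *
 * A bare strncpy(path, home, size) is not enough here: it leaves path
 * unterminated when home is too long, and the strcat(path, "/.") that
 * follows would still write past the end. One snprintf call bounds the
 * whole concatenation and reports truncation through its return value.
 */
int expand_keypath(char *path, size_t size, const char *keypath)
{
    int n;

    if (path == NULL || size == 0 || keypath == NULL)
        return -1;
    path[0] = '\0';

    if (*keypath == '~') {
        const char *home = getenv("HOME");  /* length is outside our control */
        if (home == NULL || *home == '\0')
            return -1;                      /* the quoted code would strcpy(NULL) */
        n = snprintf(path, size, "%s/.%s", home, keypath + 1);
    } else {
        n = snprintf(path, size, "%s", keypath);
    }

    if (n < 0 || (size_t)n >= size) {       /* output was (or would be) truncated */
        path[0] = '\0';                     /* never hand back a partial path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[32];                          /* constructed, deliberately small */
    const char *long_home = "/home/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

    setenv("HOME", "/home/alice", 1);       /* constructed sample value */
    printf("%d '%s'\n", expand_keypath(path, sizeof path, "~bayonne"), path);
    setenv("HOME", long_home, 1);           /* longer than the buffer */
    printf("%d '%s'\n", expand_keypath(path, sizeof path, "~bayonne"), path);
    return 0;
}
```

Treating truncation as an error instead of silently using the shortened string keeps the caller from opening a different file than the one intended.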
