Re: gcc4 compilation error

From: Jeff Sheltren
Subject: Re: gcc4 compilation error
Date: Wed, 06 Apr 2005 09:50:50 -0700
User-agent: Microsoft-Entourage/

Hi Mark, I did some more checking, and it looks like there is a possible
buffer overflow there (and I found a few others after that was fixed).  The
good news is, after changing a few snprintf calls to have a more appropriate
buffer size, cfagent is now running fine.  I'm attaching a patch which makes
the changes, although it currently uses a hardcoded '1024', which would be
better to change to some constant defined elsewhere.  For example, the one I
wrote about was line 52 of crypto.c:

AVDB is defined as 'char AVDB[1024]', but CF_BUFSIZE is 4096 (as is
CFWORKDIR), so a buffer overflow is possible there.  Changing the snprintf
call to use 1024 as the buffer size (since that is the size of AVDB) works

There were two others that I found after that was fixed (see the patch).
There may be more, but after fixing those I was able to do a clean run of
cfagent in my environment.


On 4/6/05 7:42 AM, "Mark Burgess" <address@hidden> wrote:

> It looks to me as though the problem might be in snprintf. I certainly
> cannot see anything wrong with the code as it stands.
> M

Attachment: cfengine-2.1.13-fc4.patch
Description: Binary data
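An added example, not part of the original post, the attached patch, or cfengine's source: it shows why passing CF_BUFSIZE as the snprintf bound for the 1024-byte AVDB lets the write run past the buffer, next to a form that bounds by the destination's own size and rejects truncation. The format string, the function names, and the generated work directory are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CF_BUFSIZE 4096  /* value given in the post */
#define AVDB_SIZE  1024  /* size of AVDB given in the post */
#define DB_FMT "%s/state/example.db"  /* hypothetical format string */

/* CF_BUFSIZE-byte backing store keeps the demo well-defined; only the
   first AVDB_SIZE bytes stand in for 'char AVDB[1024]'. */
static char arena[CF_BUFSIZE];

/* Count bytes written beyond AVDB's logical end for a given snprintf bound. */
size_t bytes_past_avdb(const char *workdir, size_t bound)
{
    size_t i, n = 0;
    memset(arena, 0xAA, sizeof arena);          /* canary fill */
    snprintf(arena, bound, DB_FMT, workdir);
    for (i = AVDB_SIZE; i < sizeof arena; i++)
        if ((unsigned char)arena[i] != 0xAA)
            n++;
    return n;
}

/* Hardened form: bound is the destination's size, truncation is an error. */
int build_avdb_path(char *dst, size_t dstsize, const char *workdir)
{
    int n = snprintf(dst, dstsize, DB_FMT, workdir);
    if (n < 0 || (size_t)n >= dstsize) {
        if (dstsize > 0) dst[0] = '\0';         /* never hand back a cut-off path */
        return -1;
    }
    return 0;
}

/* Constructed input: a work directory path of exactly len characters. */
void make_workdir(char *out, size_t len)
{
    memset(out, 'w', len);
    out[0] = '/';
    out[len] = '\0';
}

int main(void)
{
    char wd[2001], avdb[AVDB_SIZE];
    make_workdir(wd, 2000);
    printf("bound CF_BUFSIZE: %zu bytes past AVDB\n", bytes_past_avdb(wd, CF_BUFSIZE));
    printf("bound AVDB_SIZE:  %zu bytes past AVDB\n", bytes_past_avdb(wd, AVDB_SIZE));
    printf("hardened call returns %d\n", build_avdb_path(avdb, sizeof avdb, wd));
}
```

Calling `build_avdb_path(AVDB, sizeof AVDB, ...)` at the call site keeps the bound tied to the array declaration, so a later change to the array size cannot drift from the bound.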
