Re: [BUG] [PATCH] Buffer Overflow in Keydata::loadPrefix()
From: David Sugar
Subject: Re: [BUG] [PATCH] Buffer Overflow in Keydata::loadPrefix()
Date: Wed, 8 Jan 2003 00:04:15 -0500
User-agent: KMail/1.4.3

I think this is fine.
On Monday 06 January 2003 14:08, Federico Montesino Pouzols wrote:
> I would say that replacing strcpy with strncpy here will
> prevent some crashes. Is there any objection to including this patch
> upstream?
>
> On Sat, Jan 04, 2003 at 12:33:27PM +0100, Gernot Hillier wrote:
> > Hi!
> >
> > I stumbled over a very dangerous code part in CommonC++ in the KeyData
> > implementation:
> >
> > void Keydata::loadPrefix(const char *pre, const char *keypath, const char
> > *environment)
> > {
> > [...]
> > if(*keypath == '~')
> > {
> > prefix = getenv("HOME");
> > strcpy(path, prefix);
> > strcat(path, "/.");
> > ++keypath;
> > }
> > [...]
> >
> > This is a classical buffer overflow (use an environment variable, rely on
> > its length and copy it to an internal buffer).
> >
> > I tried to fix it for the time being - but I don't actually know the
> > class as I don't use it. Please triple-check my fixes - they're untested
> > and I haven't read the complete code of keydata.cpp!
> >
> > So please see my patch just as a suggestion. I'll attach it...
> >
> > --
> > Bye,
> >
> > Gernot
> >
> >
> > _______________________________________________
> > Bug-commoncpp mailing list
> > address@hidden
> > http://mail.gnu.org/mailman/listinfo/bug-commoncpp
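
A strncpy() swap on the quoted snippet only closes the hole if the copy is also terminated, the following strcat() is bounded, and a NULL return from getenv() is handled. The sketch below is an added example, not the patch from this thread or CommonC++ code; build_home_path() and strncpy_left_unterminated() are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not CommonC++ code: builds "<home>/.<rest>" into
 * path[size]. Returns 0 on success, -1 if home is missing or the result
 * would not fit (path, when usable, is then left as an empty string). */
static int build_home_path(char *path, size_t size,
                           const char *home, const char *rest)
{
    int n;

    if (path == NULL || size == 0)
        return -1;
    path[0] = '\0';
    if (home == NULL || rest == NULL)   /* getenv("HOME") may return NULL */
        return -1;

    /* snprintf never writes more than size bytes and always terminates;
     * its return value is the length the full string would have had. */
    n = snprintf(path, size, "%s/.%s", home, rest);
    if (n < 0 || (size_t)n >= size) {
        path[0] = '\0';                 /* reject instead of truncating */
        return -1;
    }
    return 0;
}

/* What a bare strncpy() swap leaves behind: when src fills the buffer,
 * strncpy writes no terminator. Returns 1 if dst ended up unterminated. */
static int strncpy_left_unterminated(const char *src)
{
    char dst[8];

    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) == NULL;
}

int main(void)
{
    char path[256];

    if (build_home_path(path, sizeof path, getenv("HOME"), "config") == 0)
        printf("%s\n", path);
    else
        fprintf(stderr, "HOME unset or too long\n");
    return 0;
}
```

Rejecting an over-long HOME instead of silently truncating it avoids opening a different file than the one the caller asked for.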