Re: [BUG] [PATCH] Buffer Overflow in Keydata::loadPrefix()
From: Federico Montesino Pouzols
Subject: Re: [BUG] [PATCH] Buffer Overflow in Keydata::loadPrefix()
Date: Mon, 6 Jan 2003 20:08:56 +0100
User-agent: Mutt/1.4i

I would say that replacing strcpy with strncpy here will
prevent some crashes. Is there any objection to including this patch
upstream?

On Sat, Jan 04, 2003 at 12:33:27PM +0100, Gernot Hillier wrote:
> Hi!
>
> I stumbled over a very dangerous code part in CommonC++ in the KeyData
> implementation:
>
> void Keydata::loadPrefix(const char *pre, const char *keypath, const char *environment)
> {
> [...]
> if(*keypath == '~')
> {
> prefix = getenv("HOME");
> strcpy(path, prefix);
> strcat(path, "/.");
> ++keypath;
> }
> [...]
>
> This is a classical buffer overflow (use an environment variable, rely on its
> length and copy it to an internal buffer).
>
> I tried to fix it for the time being - but I don't actually know the class as
> I don't use it. Please triple-check my fixes - they're untested and I haven't
> read the complete code of keydata.cpp!
>
> So please see my patch just as a suggestion. I'll attach it...
>
> --
> Bye,
>
> Gernot
> _______________________________________________
> Bug-commoncpp mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/bug-commoncpp
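
Added example, not part of either message and not CommonC++ code: one way to build the path from the quoted snippet with an explicit destination size, rejecting an unset HOME and any result that would not fit. The helper name `expand_keypath`, the 256-byte buffer and the assumption that the rest of `keypath` is appended after `/.` are illustrative; `strncpy` alone bounds the copy but leaves the buffer without a terminating NUL when the source fills it, so the example uses `snprintf` and checks its return value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not CommonC++ code: expand a leading '~' in keypath to
 * "<home>/." followed by the rest of keypath (assumed behaviour of the elided
 * code), writing into out[outlen].
 * Returns 0 on success, -1 if home is missing or the result does not fit. */
int expand_keypath(const char *home, const char *keypath,
                   char *out, size_t outlen)
{
    int n;

    if (keypath == NULL || out == NULL || outlen == 0)
        return -1;
    if (*keypath == '~') {
        /* getenv("HOME") may return NULL; strcpy() from NULL is undefined. */
        if (home == NULL || *home == '\0') {
            out[0] = '\0';
            return -1;
        }
        n = snprintf(out, outlen, "%s/.%s", home, keypath + 1);
    } else {
        n = snprintf(out, outlen, "%s", keypath);
    }
    /* snprintf returns the length it needed; >= outlen means truncation. */
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';   /* fail closed rather than use a cut-off path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[256];   /* constructed size; the real buffer size is not on the page */

    /* "~example/keys" is a constructed sample keypath. */
    if (expand_keypath(getenv("HOME"), "~example/keys", path, sizeof(path)) == 0)
        printf("%s\n", path);
    else
        fprintf(stderr, "HOME unset or path too long\n");
    return 0;
}
```

A caller that treats the -1 return as a hard error avoids silently loading keys from a truncated path.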