bug-glibc

Re: [Bug-glibc] PR 82 revisited


From: Andreas Jaeger
Subject: Re: [Bug-glibc] PR 82 revisited
Date: 19 Sep 2000 14:56:52 +0200
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Channel Islands)

>>>>> Jens-Uwe Mager writes:

 > The fix for the host name length problem introduced in PR#82 does itself
 > overrun the allocated buffer by one byte. The code in sunrpc/clnt_simp.c
 > is:

 >      crp->oldhost = malloc(256);

 > and later:

 >      (void) strncpy(crp->oldhost, host, 255);
 >      crp->oldhost[256] = '\0';

 > The nul byte is written one byte beyond the allocated buffer, I would
 > suspect:

 >      crp->oldhost[255] = '\0';

 > was meant here. The problem pops up if the program using callrpc is
 > debugged using efence.

I agree and have fixed this now for glibc 2.2.

Thanks,
Andreas
-- 
 Andreas Jaeger
  SuSE Labs address@hidden
   private address@hidden
    http://www.suse.de/~aj
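
The off-by-one reported above, reproduced as an added example (not code from glibc or from either poster): the arena is one byte larger than the 256-byte buffer and holds a canary in that extra byte, so the stray terminator write is observable without undefined behaviour. `canary_clobbered`, `copy_host`, `HOST_CAP`, `CANARY` and the host names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOST_CAP 256   /* size passed to malloc() in the quoted code */
#define CANARY   0x5A  /* constructed guard value, stands in for efence's guard page */

/* Runs the quoted pattern (strncpy of 255 bytes, then a terminator at
 * term_idx) inside a HOST_CAP+1 byte arena whose last byte is a canary.
 * Returns 1 if the canary was overwritten, 0 if intact, -1 on error. */
static int canary_clobbered(const char *host, size_t term_idx)
{
    if (host == NULL || term_idx > HOST_CAP)
        return -1;
    unsigned char *arena = malloc(HOST_CAP + 1);
    if (arena == NULL)
        return -1;
    arena[HOST_CAP] = CANARY;                 /* first byte past the "real" buffer */
    strncpy((char *)arena, host, HOST_CAP - 1);
    arena[term_idx] = '\0';                   /* 256 hits the canary, 255 does not */
    int hit = (arena[HOST_CAP] != CANARY);
    free(arena);
    return hit;
}

/* Bounded copy whose terminator index is derived from the capacity rather
 * than written as a second literal that can drift from the malloc() size.
 * Returns 0 on success, 1 if host was truncated, -1 on bad arguments. */
static int copy_host(char *dst, size_t cap, const char *host)
{
    if (dst == NULL || host == NULL || cap == 0)
        return -1;
    strncpy(dst, host, cap - 1);
    dst[cap - 1] = '\0';
    return strlen(host) >= cap ? 1 : 0;
}

int main(void)
{
    char small[8];
    printf("terminator at [256]: canary clobbered = %d\n",
           canary_clobbered("localhost", 256));
    printf("terminator at [255]: canary clobbered = %d\n",
           canary_clobbered("localhost", 255));
    printf("copy_host truncated = %d, result = \"%s\"\n",
           copy_host(small, sizeof small, "example.invalid"), small);
    return 0;
}
```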

