[Bug-glibc] PR 82 revisited


From: Jens-Uwe Mager
Subject: [Bug-glibc] PR 82 revisited
Date: Tue, 19 Sep 2000 14:31:15 +0200

The fix for the host name length problem introduced in PR#82 does itself
overrun the allocated buffer by one byte. The code in sunrpc/clnt_simp.c
is:

        crp->oldhost = malloc(256);

and later:

        (void) strncpy(crp->oldhost, host, 255);
        crp->oldhost[256] = '\0';

The nul byte is written one byte beyond the allocated buffer; I would
suspect:

        crp->oldhost[255] = '\0';

was meant here. The problem pops up if the program using callrpc is
debugged using efence.
-- 
Jens-Uwe Mager

HELIOS Software GmbH
Steinriede 3
30827 Garbsen
Germany

Phone:          +49 5131 709320
FAX:            +49 5131 709325
Internet:       address@hidden
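
The off-by-one described in the message above, as an added example (not part of the original post and not glibc code): a 257-byte block stands in for the `malloc(256)` region plus one guard byte, so the stray write can be observed without touching memory the program does not own. The names `copy_as_posted`, `copy_fixed`, `check_copy`, `long_host`, the guard value and the host names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOSTBUF 256   /* size given to malloc() in the quoted code */
#define GUARD   0x5A  /* constructed marker value, not from glibc */

/* As posted: terminator written at index 256, one past the buffer. */
static void copy_as_posted(char *oldhost, const char *host)
{
    (void) strncpy(oldhost, host, 255);
    oldhost[256] = '\0';
}

/* Corrected: terminator at the last valid index, derived from the size. */
static void copy_fixed(char *oldhost, const char *host)
{
    (void) strncpy(oldhost, host, HOSTBUF - 1);
    oldhost[HOSTBUF - 1] = '\0';
}

/* Run one copy into a block of HOSTBUF bytes followed by one guard byte.
   Returns bit 0 set if the guard byte was overwritten, bit 1 set if the
   HOSTBUF-byte buffer itself contains no terminator. */
int check_copy(int use_fixed, const char *host)
{
    char block[HOSTBUF + 1];
    memset(block, GUARD, sizeof block);
    if (use_fixed) copy_fixed(block, host);
    else           copy_as_posted(block, host);
    return (block[HOSTBUF] != GUARD ? 1 : 0)
         | (memchr(block, '\0', HOSTBUF) == NULL ? 2 : 0);
}

/* Constructed test input: a 300-character host name. */
const char *long_host(void)
{
    static char name[301];
    memset(name, 'a', 300);   /* name[300] stays '\0' (static storage) */
    return name;
}

int main(void)
{
    printf("as posted: short=%d long=%d\n", check_copy(0, "localhost"), check_copy(0, long_host()));
    printf("corrected: short=%d long=%d\n", check_copy(1, "localhost"), check_copy(1, long_host()));
    return 0;
}
```

With a host name of 255 characters or more, the posted form also never writes byte 255, so the string is not terminated inside its own 256 bytes.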

