[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
2.1.17 cfservd read buffer not null-terminated
|
From: |
Joe Buehler |
|
Subject: |
2.1.17 cfservd read buffer not null-terminated |
|
Date: |
Thu, 22 Dec 2005 15:28:22 -0500 |
|
User-agent: |
Mozilla Thunderbird 1.0.6 (Windows/20050716) |
The buffer filled from the network by cfservd is not null-terminated,
but it is passed to some routines that want it null-terminated. In
particular, the AIX sscanf() routine appears to run strlen() on it.
\"/home/project-releases/tmp/cfengine-2.1.17/src/item.c\", line 1129:
(READ_OVERFLOW)
>> sscanf(sp,format,node);
String is not null terminated within range: sp
Reading : 0x2055f754
From block: 0x2055f754 thru 0x20560753 (4096 bytes)
recvbuffer, declared at cfservd.c, 1538
Stack trace where the error occurred:
SplitStringAsItemList() item.c, 1129
MatchClasses() cfservd.c, 1569
BusyWithConnection() cfservd.c, 1238
HandleConnection() cfservd.c, 1149
\"src/bos/usr/ccs/lib/libc/scanf.c\", line unknown: (READ_OVERFLOW)
String is not null terminated within range: <argument 1>
Reading : 0x2055f754
From block: 0x2055f754 thru 0x20560753 (4096 bytes)
recvbuffer, declared at cfservd.c, 1538
Stack trace where the error occurred:
strlen() (interface)
sscanf()
../../../../../../../src/bos/usr/ccs/lib/libc/scanf.c
SplitStringAsItemList() item.c, 1129
MatchClasses() cfservd.c, 1569
BusyWithConnection() cfservd.c, 1238
HandleConnection() cfservd.c, 1149
--
Joe Buehler
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- 2.1.17 cfservd read buffer not null-terminated,
Joe Buehler <=