Re: [Libcdio-devel] Vulnerable use of strcpy in iso9660

libcdio-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libcdio-devel] Vulnerable use of strcpy in iso9660_fs.c

From:	Rocky Bernstein
Subject:	Re: [Libcdio-devel] Vulnerable use of strcpy in iso9660_fs.c
Date:	Mon, 13 May 2024 08:35:47 -0400

Just wanted to post a follow-up on this.

Mansour Gashasbi has reminded me about this. He is willing to come up with
a set of patches for the issues he has come across. So expect a request for
comments on this when it come through.

(I am back from a wonderful time at BlackHat Asia 2024 - talk text and
slide with text are at
https://rocky.github.io/blackhat-asia-2024-additional/all-notes-print.html.
Also had a great time in Singapore, Malaysia, and a stopover night in
Frankfurt, Germany)

On Thu, Apr 4, 2024 at 6:51 PM Rocky Bernstein <rocky@gnu.org> wrote:

> I just received a report about a place in libiso9660
> <https://git.savannah.gnu.org/cgit/libcdio.git/tree/lib/iso9660/iso9660_fs.c#n814>
> where we use strcpy() instead of strncpy().
>
> If someone has a suggestion for how to fix, please let me know. I can send
> a more detailed report for those interested. Just email me.
>
>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Libcdio-devel] Vulnerable use of strcpy in iso9660_fs.c, Rocky Bernstein <=

Next by Date: [Libcdio-devel] Request for Comments: converting libcdio-paranoia C style - which "standard" to use?
Next by thread: [Libcdio-devel] Request for Comments: converting libcdio-paranoia C style - which "standard" to use?
Index(es):
- Date
- Thread