Bug 1000434

Summary: konkretcmpi: minor overflow issues
Product: Red Hat Enterprise Linux 7
Reporter: Florian Weimer <fweimer>
Component: konkretcmpi
Assignee: Radek Novacek <rnovacek>
Status: CLOSED CURRENTRELEASE
QA Contact: qe-baseos-daemons
Severity: unspecified
Priority: unspecified
Version: 7.0
CC: ovasik, rhack
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: konkretcmpi-0.9.1-3.el7
Doc Type: Bug Fix
Last Closed: 2014-03-11 18:09:21 UTC
Type: Bug
Bug Blocks: 999043

Description Florian Weimer 2013-08-23 12:46:53 UTC
MOF_Buffer::append(const char *, size_t) in mof/MOF_Buffer.cpp does not check for integer overflow in the size computation. _round_capacity(MOF_uint32) and _next_pow_2(MOF_uint32) have wrong argument types; they need to be size_t.

MOF_unescape(const char *) in mof/MOF_String.cpp can overflow the result buffer.

These functions are only used by the code generator, and not at run time, so these bugs should be harmless.
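
The two buffer issues described above, as an added example that is not part of the original report and is not konkretcmpi's code: a growable buffer whose append checks the size addition for wrap-around and rounds capacity in `size_t`, next to a 32-bit rounding helper that truncates large requests. `Buf`, `buf_append`, `next_pow2` and `next_pow2_u32` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical growable buffer (assumed names; not konkretcmpi's MOF_Buffer).
struct Buf {
    char *data = nullptr;
    size_t size = 0, cap = 0;
    ~Buf() { std::free(data); }
};

// 32-bit argument type: a size_t request above 4 GiB is truncated on entry,
// so the rounded capacity can be smaller than the data about to be copied.
static uint32_t next_pow2_u32(uint32_t x) {
    uint32_t p = 1;
    while (p < x && p <= UINT32_MAX / 2) p <<= 1;
    return p;
}

// size_t variant: reports failure when no power of two >= x is representable.
static bool next_pow2(size_t x, size_t *out) {
    size_t p = 1;
    while (p < x) {
        if (p > SIZE_MAX / 2) return false;
        p <<= 1;
    }
    *out = p;
    return true;
}

// Appends n bytes; returns false and leaves b unchanged on overflow or OOM.
static bool buf_append(Buf &b, const char *src, size_t n) {
    if (n == 0) return true;
    if (n > SIZE_MAX - b.size) return false;  // b.size + n would wrap
    size_t need = b.size + n, new_cap = 0;
    if (need > b.cap) {
        if (!next_pow2(need, &new_cap)) return false;
        char *p = static_cast<char *>(std::realloc(b.data, new_cap));
        if (!p) return false;
        b.data = p;
        b.cap = new_cap;
    }
    std::memcpy(b.data + b.size, src, n);
    b.size += n;
    return true;
}

int main() { Buf b; return buf_append(b, "abc", 3) && b.cap == 4 ? 0 : 1; }
```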

Comment 2 Radek Novacek 2013-08-26 13:29:33 UTC
Fixed upstream and in konkretcmpi-0.9.1-3.el7. Thanks for the report.