Bug 141313

Summary: Array index out of bounds in silo.c
Product: [Fedora] Fedora
Reporter: Enrique Perez-Terron <enrio>
Component: cdrtools
Assignee: Harald Hoyer <harald>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 3
CC: mattdm
Hardware: sparc
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-07-12 07:02:34 UTC

Description Enrique Perez-Terron 2004-11-30 11:04:28 UTC

Description of problem:

Bug found by code inspection.

In cdrecord/silo.c (created by cdrtools-2.0-silo.patch),
the statement sequence 

    strncpy (silo_info.conf_file, silo_conf_file, 256);
    silo_info.conf_file[259] = '\0';

writes outside the silo_info structure, which is declared static at
file level, thus:

    static struct {
        char id;
        char conf_part;
        char part;
        char pad;
        char conf_file[256];
    } silo_info;

This is the only static data in the file, so the actual data
overwritten depends on what is linked next during build.

Regards, Enrique

Version-Release number of selected component (if applicable):
cdrecord-2.01-1.5

How reproducible:
Didn't try

Steps to Reproduce:
1. Not applicable

Actual Results:  Not applicable

Expected Results:  Not applicable

Comment 1 Harald Hoyer 2004-11-30 12:42:15 UTC
nice catch! thx!

Comment 2 Harald Hoyer 2004-11-30 13:12:22 UTC
Seems like that fell in the padding area :)

Comment 3 Matthew Miller 2006-07-10 22:18:53 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
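
The indexing error in the report above, worked through as an added example (not code from cdrtools or from the silo patch): it computes where `conf_file[259]` lands relative to the struct and shows a copy that takes its bound and terminator position from the array itself. The type name `silo_info_layout`, the helper names and the sample path are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same member layout as the struct quoted in the report (type name is hypothetical). */
struct silo_info_layout {
    char id, conf_part, part, pad;
    char conf_file[256];
};

/* 0 if conf_file[idx] is inside the struct; otherwise n, meaning the write
 * lands on the n-th byte after the end of the struct. */
static size_t bytes_past_struct(size_t idx)
{
    size_t off = offsetof(struct silo_info_layout, conf_file) + idx;
    size_t size = sizeof(struct silo_info_layout);
    return off < size ? 0 : off - size + 1;
}

/* Bounded copy that always terminates inside the array. Returns 0 on success,
 * -1 if path was NULL or too long (a truncated, terminated prefix is stored). */
static int set_conf_file(struct silo_info_layout *s, const char *path)
{
    size_t cap = sizeof s->conf_file;   /* 256: derived from the array, not typed by hand */
    size_t n;

    if (path == NULL) { s->conf_file[0] = '\0'; return -1; }
    n = strlen(path);
    if (n >= cap) {
        memcpy(s->conf_file, path, cap - 1);
        s->conf_file[cap - 1] = '\0';   /* index 255, the last valid element */
        return -1;
    }
    memcpy(s->conf_file, path, n + 1);  /* includes the terminator */
    return 0;
}

int main(void)
{
    struct silo_info_layout s;
    int rc = set_conf_file(&s, "/etc/silo.conf");   /* constructed sample path */

    printf("sizeof struct = %zu\n", sizeof s);
    printf("conf_file[259] -> %zu byte(s) past the struct\n", bytes_past_struct(259));
    printf("conf_file[255] -> %zu byte(s) past the struct\n", bytes_past_struct(255));
    printf("set_conf_file -> %d, stored \"%s\"\n", rc, s.conf_file);
    return 0;
}
```

Note that `strncpy` with a count of 256 leaves the array unterminated when the source is 256 bytes or longer, so the terminator has to go at index 255 rather than anywhere past it.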