Bug 841180
Summary: | DecodeNameReq buffer overflow | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Florian Weimer <fweimer> | ||||||
Component: | pcp | Assignee: | Nathan Scott <nathans> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 16 | CC: | kenj, mgoodwin, nathans, security-response-team | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | pcp-3.6.5 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-08-20 03:53:54 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 840765, 841698 | ||||||||
Attachments: |
|
Description
Florian Weimer
2012-07-18 11:00:21 UTC
Nathan requested assignment, thanks Nathan. Created attachment 600700 [details]
Resolve issues in decoding PCP namereq PDUs
namelen+1 >= INT_MAX is always false. But the comparison appears to be unnecessary in this case. Created attachment 600961 [details]
Updated patch to address PCP namereq PDU decoding issues
Incorporate Florian's review comments.
(In reply to comment #5) > Created attachment 600961 [details] > Updated patch to address PCP namereq PDU decoding issues > > Incorporate Florian's review comments. Looks good to me. Upstream patch: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c This issue has been addressed in pcp-3.6.5 This issue was addressed in Fedora and EPEL via the following security updates: Fedora-16: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc16 Fedora-17: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc17 Rawhide: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc18 EPEL-5: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el5 EPEL-6: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el6 |