Bug 841183
Summary: | Missing namelen check in __pmDecodeFetch | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Florian Weimer <fweimer> | ||||||
Component: | pcp | Assignee: | Nathan Scott <nathans> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 16 | CC: | kenj, mgoodwin, nathans, security-response-team | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | pcp-3.6.5 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-08-20 03:54:06 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 840765, 841698 | ||||||||
Attachments: |
|
Description
Florian Weimer
2012-07-18 11:19:55 UTC
Nathan requested assignment, thanks Nathan. Created attachment 599665 [details]
Resolve issues in decoding PCP fetch PDUs
Proposed fix attached. Please review, thanks.
(In reply to comment #3) > Created attachment 599665 [details] > Resolve issues in decoding PCP fetch PDUs > > Proposed fix attached. Please review, thanks. if ((pduend - (char*)pp) != sizeof(fetch_t) + ((sizeof(pmID)) * (numpmid-1))) The expression (sizeof(pmID)) * (numpmid-1) can overflow (for instance, if numpmid is 0x40000001), so the check does not catch all cases where numpmid and the actual number of elements disagree. Created attachment 599891 [details]
Updated patch to address PCP fetch PDU decoding issues
Upstream patch: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a This issue has been addressed in pcp-3.6.5 This issue was addressed in Fedora and EPEL via the following security updates: Fedora-16: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc16 Fedora-17: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc17 Rawhide: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc18 EPEL-5: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el5 EPEL-6: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el6 |