Red Hat Bugzilla – Bug 1021958
socat: length check in _xiodump()
Last modified: 2017-07-19 07:01:56 EDT
_xiodump() in xio-ascii.c has questionable length check and needs to compare against (codlen - 1) / 3, not 2 * codlen + 1. It also should cap the input length at that value. (3 characters per byte in case of interleaving spaces.) codlen must be at least 1 (assert?). xiodump() can write beyond the end of the buffer, but its callers compensate for that by not including the NUL byte in the passed size.
Has been fixed in upstream release 188.8.131.52