Bug 1022070 - socat: missing length check in xiolog_ancillary_socket()
Summary: socat: missing length check in xiolog_ancillary_socket()
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: socat
Version: 7.0
Hardware: All
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Paul Wouters
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 1019961 1085024
TreeView+ depends on / blocked
 
Reported: 2013-10-22 15:19 UTC by Florian Weimer
Modified: 2018-11-13 11:00 UTC (History)
3 users (show)

Fixed In Version: 1.7.3.1-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-13 11:00:23 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Florian Weimer 2013-10-22 15:19:05 UTC 
xiolog_ancillary_socket() in xio-socket.c appends bytes to the valbuff buffer without length checking here:

      sprintf(strchr(valbuff, '\0')-1/*del \n*/, ", %06ld usecs", (long)tv->tv_usec);

I think this is just hardening.
Comment 2 Gerhard 2014-03-10 21:08:45 UTC 
Has been fixed in upstream release 1.7.2.4
Comment 5 Florian Weimer 2015-09-24 08:41:09 UTC 
Upstream fix:

commit dfdeaa483663904399b279b21fd91556e77f79e0
Author: Gerhard Rieger <gerhard>
Date:   Sat Jan 25 10:35:21 2014 +0100

    Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
Comment 6 Paul Wouters 2018-11-13 11:00:23 UTC 
This bug is addressed by ERRATA RHBA-2017:2049-03 socat bug fix update

https://errata.devel.redhat.com/advisory/26967
Note You need to log in before you can comment on or make changes to this bug.