Bug 1022070 - socat: missing length check in xiolog_ancillary_socket()
socat: missing length check in xiolog_ancillary_socket()
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: socat (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Paul Wouters
BaseOS QE Security Team
Depends On:
Blocks: 1019961 1085024
  Show dependency treegraph
Reported: 2013-10-22 11:19 EDT by Florian Weimer
Modified: 2017-10-03 21:24 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Florian Weimer 2013-10-22 11:19:05 EDT
xiolog_ancillary_socket() in xio-socket.c appends bytes to the valbuff buffer without length checking here:

      sprintf(strchr(valbuff, '\0')-1/*del \n*/, ", %06ld usecs", (long)tv->tv_usec);

I think this is just hardening.
Comment 2 Gerhard 2014-03-10 17:08:45 EDT
Has been fixed in upstream release
Comment 5 Florian Weimer 2015-09-24 04:41:09 EDT
Upstream fix:

commit dfdeaa483663904399b279b21fd91556e77f79e0
Author: Gerhard Rieger <gerhard@dest-unreach.org>
Date:   Sat Jan 25 10:35:21 2014 +0100

    Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

Note You need to log in before you can comment on or make changes to this bug.