Description of problem: The changelog-misc.h:CHANGELOG_FILE_HTIME_DIR macro fills a destination buffer with data without any bounds checking. A strcpy and strcat are used to append "/htime" to the changelog_dir path. Recommend updating the marco to take the length of the destination buffer as the third parameter and use snprintf to fill the buffer. Version-Release number of selected component (if applicable): 3.5 How reproducible: 100% Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
REVIEW: http://review.gluster.org/8108 (Update CHANGELOG_FILE_HTIME_DIR macro to use buffer size) posted (#1) for review on master by Keith Schincke (kschinck)
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
This bug is getting closed because the 3.5 is marked End-Of-Life. There will be no further updates to this version. Please open a new bug against a version that still receives bugfixes if you are still facing this issue in a more current release.