Bug 123343 - libia32x.so does not check size of env var before copying it to local var
Summary: libia32x.so does not check size of env var before copying it to local var
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: ia32el
Version: 3.0
Hardware: ia64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-05-17 11:55 UTC by Yoav Zach
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-11-18 09:43:49 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
check the size of env variable before copying it into a local var (4.67 KB, patch)
2004-05-17 11:57 UTC, Yoav Zach 		no flags Details | Diff
View All

Description Yoav Zach 2004-05-17 11:55:57 UTC 
Description of problem:
in development mode, libia32x.so copies the contents of HOME 
environment variable into a local variable. this is done without 
ensuring that the local buffer is big enough for that operation.
in development mode **ONLY**, this can result with buffer overrun.

Version-Release number of selected component (if applicable):
4600

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
this problem is only in development mode. in production mode - the 
makefile ensures that this piece of code is never built by setting 
the SYSBTG variable.
Comment 1 Yoav Zach 2004-05-17 11:57:25 UTC 
Created attachment 100270 [details]
check the size of env variable before copying it into a local var

this patch goes on top of fix_fast_syscall.patch which was submitted to bug
#123341
Comment 2 Yoav Zach 2004-11-16 08:02:22 UTC 
this is fixed in v5. i believe it should be closed.
Note You need to log in before you can comment on or make changes to this bug.