Bug 141313 - Array index out of bounds in silo.c
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: cdrtools
Version: 3
Hardware: sparc Linux
Priority: medium, Severity: medium
Assigned To: Harald Hoyer
Reported: 2004-11-30 06:04 EST by Enrique Perez-Terron
Modified: 2007-11-30 17:10 EST (History)
Last Closed: 2006-07-12 03:02:34 EDT
Description Enrique Perez-Terron 2004-11-30 06:04:28 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; rv:1.7.3) Gecko/20041013
Firefox/0.10.1

Description of problem:

Bug found by code inspection.

In cdrecord/silo.c (created by cdrtools-2.0-silo.patch),
the statement sequence 

    strncpy (silo_info.conf_file, silo_conf_file, 256);
    silo_info.conf_file[259] = '\0';

writes outside the silo_info structure, which is declared static at
file level, thus:

    static struct {
        char id;
        char conf_part;
        char part;
        char pad;
        char conf_file[256];
    } silo_info;

This is the only static data in the file, so the actual data
overwritten depends on what is linked next during build.

Regards, Enrique

Version-Release number of selected component (if applicable):
cdrecord-2.01-1.5

How reproducible:
Didn't try

Steps to Reproduce:
1. Not applicable

Actual Results:  Not applicable

Expected Results:  Not applicable

Additional info:
Comment 1 Harald Hoyer 2004-11-30 07:42:15 EST
nice catch! thx!
Comment 2 Harald Hoyer 2004-11-30 08:12:22 EST
Seems like that fell in the padding area :)
Comment 3 Matthew Miller 2006-07-10 18:18:53 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
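
Added example, not part of the original report or of the cdrtools sources: the offset arithmetic behind the store reported in the description, next to a bounded copy that takes its limit from `sizeof` and always terminates inside the array. The struct layout is copied from the report; `struct silo_info_t`, `conf_file_store_offset`, `store_in_bounds` and `set_conf_file` are hypothetical names, and the over-long path in `main` is constructed input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same member layout as the structure quoted in the report. */
struct silo_info_t {
    char id;
    char conf_part;
    char part;
    char pad;
    char conf_file[256];
};

static struct silo_info_t silo_info;

/* Offset, from the start of the object, of a store to conf_file[idx]. */
static size_t conf_file_store_offset(size_t idx)
{
    return offsetof(struct silo_info_t, conf_file) + idx;
}

/* 1 if a store to conf_file[idx] stays inside the object, 0 otherwise. */
static int store_in_bounds(size_t idx)
{
    return conf_file_store_offset(idx) < sizeof(struct silo_info_t);
}

/* Hypothetical replacement for the two quoted statements: copies at most
 * sizeof(conf_file) - 1 bytes and writes the terminator right after them.
 * Returns 1 if the path had to be truncated, 0 otherwise. */
static int set_conf_file(const char *path)
{
    size_t cap = sizeof(silo_info.conf_file);
    size_t len = strlen(path);
    size_t n = len < cap ? len : cap - 1;

    memcpy(silo_info.conf_file, path, n);
    silo_info.conf_file[n] = '\0';
    return len >= cap;
}

int main(void)
{
    char long_path[301];
    memset(long_path, 'a', 300);    /* constructed over-long input */
    long_path[300] = '\0';
    int truncated = set_conf_file(long_path);
    printf("sizeof=%zu, conf_file[259] at offset %zu, in bounds: %d\n",
           sizeof(struct silo_info_t), conf_file_store_offset(259), store_in_bounds(259));
    printf("truncated=%d, stored length=%zu\n", truncated, strlen(silo_info.conf_file));
    return 0;
}
```

With the quoted `strncpy(..., 256)`, a source of 256 or more characters also leaves `conf_file` without any terminator, since `strncpy` does not append one when the source fills the bound.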
