Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 714154 - overrunning array when executing nss_pcache
overrunning array when executing nss_pcache
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: mod_nss (Show other bugs)
6.1
Unspecified Unspecified
unspecified Severity high
: rc
: ---
Assigned To: Rob Crittenden
Chandrasekar Kannan
:
Depends On:
Blocks: 714255 1022298 1022717
  Show dependency treegraph
 
Reported: 2011-06-17 09:26 EDT by Rob Crittenden
Modified: 2015-01-04 18:49 EST (History)
4 users (show)

See Also:
Fixed In Version: mod_nss-1.0.8-13.el6
Doc Type: Bug Fix
Doc Text:
Previously, a static array containing the arguments for launching the nss_pcache command was overflowing the size by one. This could lead to a variety of issues including unexpected termination. This bug has been fixed, and mod_nss now uses properly sized static array when launching nss_pcache.
Story Points: ---
Clone Of:
: 714255 1022298 1022717 (view as bug list)
Environment:
Last Closed: 2011-12-06 11:37:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Use properly sized static array (740 bytes, patch)
2011-08-01 13:28 EDT, Rob Crittenden
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1656 normal SHIPPED_LIVE mod_nss bug fix update 2011-12-05 19:50:24 EST

  None (edit)
Description Rob Crittenden 2011-06-17 09:26:01 EDT
Description of problem:

mod_nss-1.0.8/nss_engine_init.c:467: overrun-local: Overrunning static array "child_argv", with 5 elements, at position 5 with index variable "5".

Version-Release number of selected component (if applicable):
mod_nss-1.0.8-12.el6
Comment 1 Jenny Galipeau 2011-06-20 15:12:47 EDT
can you please add some more information about this issue? steps to reproduce and verify?
Comment 2 Rob Crittenden 2011-06-20 15:19:19 EDT
In the worst case this would result in core dump. mod_nss is allocating an array of 5 elements and writing 6 to it. Through good fortune it isn't overwriting the memory or something else.
Comment 3 Rob Crittenden 2011-08-01 13:28:25 EDT
Created attachment 516182 [details]
Use properly sized static array
Comment 5 Tomas Capek 2011-08-22 05:39:30 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, a static array containing the arguments for launching the nss_pcache command was overflowing the size by one. This could lead to a variety of issues including unexpected termination. This bug has been fixed, and mod_nss now uses properly sized static array when launching nss_pcache.
Comment 6 Jenny Galipeau 2011-09-30 09:56:38 EDT
please add steps to reproduce this issue.
Comment 7 Rob Crittenden 2011-10-03 13:10:32 EDT
This bug was identified by Coverity. It requires code inspection to verify, we never saw this in the wild.
Comment 8 Jenny Galipeau 2011-10-03 13:41:42 EDT
Will we verify Sanity Only then, that no regressions occur during testing.
Comment 10 errata-xmlrpc 2011-12-06 11:37:32 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1656.html

Note You need to log in before you can comment on or make changes to this bug.