This is very similar to the __pmDecodeInstanceReq overflow (bug 841240). buflen needs to be checked against the PDU size, and negative values need to be rejected. This is not directly exposed through pmcd.
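The two checks described above (buflen bounded by the PDU size, negative values rejected), as an added C example that is not part of the original report and is not PCP's code. The wire layout and the names `decode_text_pdu` and `build_text_pdu` are assumptions made for illustration; the sample PDUs are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed wire layout (illustrative, not PCP's own struct), big-endian int32 fields:
 * [len: total PDU bytes][ident][buflen][buffer bytes ...] */
#define TEXT_HDR 12

static int32_t rd32(const unsigned char *p) {
    return (int32_t)((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]);
}
static void wr32(unsigned char *p, int32_t v) {
    uint32_t u = (uint32_t)v;
    p[0] = (unsigned char)(u >> 24); p[1] = (unsigned char)(u >> 16);
    p[2] = (unsigned char)(u >> 8);  p[3] = (unsigned char)u;
}

/* Hypothetical decoder: returns 0 and a malloc'd NUL-terminated copy in *text,
 * or -1 if the PDU is malformed. */
int decode_text_pdu(const unsigned char *pdu, size_t avail, int32_t *ident, char **text) {
    if (avail < TEXT_HDR) return -1;                 /* fixed fields must be present */
    int32_t len = rd32(pdu), buflen = rd32(pdu + 8);
    if (len < TEXT_HDR || (size_t)len > avail) return -1; /* claimed size vs bytes received */
    if (buflen < 0) return -1;                       /* negative length rejected outright */
    if (buflen > len - TEXT_HDR) return -1;          /* buflen must fit inside the PDU */
    char *copy = malloc((size_t)buflen + 1);
    if (copy == NULL) return -1;
    memcpy(copy, pdu + TEXT_HDR, (size_t)buflen);    /* safe: bounded by the checks above */
    copy[buflen] = '\0';
    *ident = rd32(pdu + 4);
    *text = copy;
    return 0;
}

/* Builds a constructed sample PDU; declared_buflen may disagree with the real payload size. */
size_t build_text_pdu(unsigned char *dst, int32_t ident, int32_t declared_buflen,
                      const char *payload) {
    size_t n = strlen(payload);
    wr32(dst, (int32_t)(TEXT_HDR + n));
    wr32(dst + 4, ident);
    wr32(dst + 8, declared_buflen);
    memcpy(dst + TEXT_HDR, payload, n);
    return TEXT_HDR + n;
}
```

Both length checks run before the allocation and the copy, so a malformed buflen is never used as a size.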
Ken requested assignment, thanks.
Created attachment 600704
Resolve issues in decoding PCP text PDUs
(In reply to comment #2)
> Created attachment 600704
> Resolve issues in decoding PCP text PDUs
This looks okay, with the same caveat as in bug 841240.
Upstream patch: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e
This issue has been addressed in pcp-3.6.5
This issue was addressed in Fedora and EPEL via the following security updates:
Fedora-16: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc16
Fedora-17: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc17
Rawhide: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc18
EPEL-5: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el5
EPEL-6: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el6