[BusyBox 0004594]: nmeter buffer overflow

bugs at busybox.net bugs at busybox.net
Thu Aug 14 00:57:16 UTC 2008


The following issue has been SUBMITTED. 
====================================================================== 
http://busybox.net/bugs/view.php?id=4594 
====================================================================== 
Reported By:                cristic
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   4594
Category:                   Other
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             08-13-2008 17:57 PDT
Last Modified:              08-13-2008 17:57 PDT
====================================================================== 
Summary:                    nmeter buffer overflow
Description: 
Test case: ./nmeter -

The problem is in nmeter.c:

776:	char buf[32];
...

790:	if (open_read_close("version", buf, sizeof(buf)) > 0)
791:		is26 = (strstr(buf, " 2.4.")==NULL);

At line 790, up to 32 chars are read into buf.  If all 32 chars are
used, there's no space left for a terminating zero, and strstr will
read out-of-bounds memory.  The fix would be to either resize buf or
read only up to sizeof(buf)-1 char, and to terminate buf with a '\0'.

Thanks,
Cristian
====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-13-08 17:57  cristic        New Issue                                    
08-13-08 17:57  cristic        Status                   new => assigned     
08-13-08 17:57  cristic        Assigned To               => BusyBox         
======================================================================
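
The fix suggested in the description (read at most sizeof(buf)-1 bytes, then terminate), as an added example that is not part of the original report and is not BusyBox code. The names read_terminated and is26_for are hypothetical, fread on a temporary file stands in for open_read_close on the "version" file, and the sample strings are constructed.

```c
/* Added example, not BusyBox code. All names here are hypothetical. */
#include <stdio.h>
#include <string.h>

#define VERSION_BUF 32	/* same size as buf at line 776 of the report */

/* Read at most size-1 bytes and always NUL-terminate.
 * Returns the number of bytes stored (0 on error or empty input). */
static size_t read_terminated(FILE *fp, char *buf, size_t size)
{
	size_t n;

	if (size == 0)
		return 0;
	n = fread(buf, 1, size - 1, fp);
	buf[n] = '\0';	/* the byte the reported code left no room for */
	return n;
}

/* The check from line 791, run on constructed content instead of the
 * real "version" file. Returns 1 (no " 2.4."), 0 (found), -1 (error). */
static int is26_for(const char *content, size_t *stored)
{
	char buf[VERSION_BUF];
	FILE *fp = tmpfile();
	size_t len = strlen(content);
	int result = -1;

	if (fp == NULL)
		return -1;
	if (fwrite(content, 1, len, fp) == len && fseek(fp, 0L, SEEK_SET) == 0) {
		*stored = read_terminated(fp, buf, sizeof(buf));
		if (*stored > 0)	/* strstr now always sees a terminated string */
			result = (strstr(buf, " 2.4.") == NULL);
	}
	fclose(fp);
	return result;
}

int main(void)
{
	size_t n = 0;
	/* Constructed sample, longer than the 32-byte buffer. */
	int r = is26_for("Linux version 2.6.26 (constructed sample)", &n);

	printf("is26=%d stored=%zu\n", r, n);
	return 0;
}
```

With a 32-byte buffer only the first 31 bytes are examined, so a " 2.4." marker that starts later in the file is not seen; resizing buf, the other fix named in the description, is what changes that.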



