[bug] BOF condition in keydata.cpp

bug-commoncpp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug] BOF condition in keydata.cpp

From:	teo
Subject:	[bug] BOF condition in keydata.cpp
Date:	Sun, 15 Jul 2001 18:20:33 +0300
User-agent:	Mutt/1.3.15i

There is a security issue in Keydata::Load, where a fixed length 
buffer is used to copy something from environment.


void Keydata::Load(const char *keypath, const char *environment)
{
        char path[512];
        char seek[33];
        char find[33];
        const char *prefix = NULL;
        char *cp, *ep;
        int fpos;

        if(*keypath == '~')
        {
                prefix = getenv("HOME");
                strcpy(path, prefix);

       // here HOME env var can be poisoned.

also following there are more unchecked strcpy()s


thanks for the cool CommonC++ though :) it helped me to write a 
multithreaded server in a very short time and left me more time
to focus on my exercise.
 

best regards,
    
--
Teodor Cimpoesu

Software Developer, GeCAD Software
http://www.ravantivirus.com

[Prev in Thread]

Current Thread

[Next in Thread]

[bug] BOF condition in keydata.cpp, teo <=

Prev by Date: Rem.: socket question
Next by Date: (no subject)
Previous by thread: Rem.: socket question
Next by thread: (no subject)
Index(es):
- Date
- Thread