bug-commoncpp

[BUG] [PATCH] Buffer Overflow in Keydata::loadPrefix()


From: Gernot Hillier
Subject: [BUG] [PATCH] Buffer Overflow in Keydata::loadPrefix()
Date: Sat, 4 Jan 2003 12:33:27 +0100
User-agent: KMail/1.4.3

Hi!

I stumbled over a very dangerous code part in CommonC++ in the Keydata 
implementation:

void Keydata::loadPrefix(const char *pre, const char *keypath, const char *environment)
{
[...]
        if(*keypath == '~')
        {
                prefix = getenv("HOME");
                strcpy(path, prefix); 
                strcat(path, "/.");
                ++keypath;
        }
[...]

This is a classical buffer overflow (use an environment variable, rely on its 
length and copy it to an internal buffer).

I tried to fix it for the time being - but I don't actually know the class as 
I don't use it. Please triple-check my fixes - they're untested and I haven't 
read the complete code of keydata.cpp!

So please see my patch just as a suggestion. I'll attach it...

-- 
Bye,

Gernot

Attachment: commonc++-bo.patch
Description: Text Data
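
The following is an added example, not part of the original message, the attached patch (which is not shown on this page) or the CommonC++ sources. It shows one bounded way to build the "~" path from HOME; the function names, the 32-byte buffer and the "myapp" key name are hypothetical, and it assumes the text after '~' is appended to "$HOME/." as the quoted fragment suggests.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: expands a leading '~' in keypath to "<home>/." and
 * writes the result into out (outlen bytes). Returns 0 on success, -1 if
 * home is missing or the result would not fit. home is passed in so the
 * length check can be exercised without touching the process environment. */
int expand_key_path_from(char *out, size_t outlen,
                         const char *keypath, const char *home)
{
    int n;

    if (out == NULL || outlen == 0 || keypath == NULL)
        return -1;
    out[0] = '\0';

    if (*keypath == '~') {
        if (home == NULL || *home == '\0')
            return -1;          /* getenv("HOME") can return NULL */
        n = snprintf(out, outlen, "%s/.%s", home, keypath + 1);
    } else {
        n = snprintf(out, outlen, "%s", keypath);
    }
    /* snprintf returns the length it needed; n >= outlen means truncation. */
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* Same check, with the value taken from the environment as in loadPrefix(). */
int expand_key_path(char *out, size_t outlen, const char *keypath)
{
    return expand_key_path_from(out, outlen, keypath, getenv("HOME"));
}

int main(void)
{
    char path[32];              /* constructed, deliberately small buffer */
    char big[256];              /* constructed oversized HOME value */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%d\n", expand_key_path_from(path, sizeof path, "~myapp", "/home/u"));
    printf("%s\n", path);
    printf("%d\n", expand_key_path_from(path, sizeof path, "~myapp", big));
    printf("%d\n", expand_key_path_from(path, sizeof path, "~myapp", NULL));
    return 0;
}
```

Rejecting the oversized value instead of truncating it avoids silently opening a different path than the one the caller asked for.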

