This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/5545] Potential buffer overflow in sunrpc/clnt_perr.c

From: "martin at gerbershagen-pfn dot de" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: 5 Jan 2008 10:34:08 -0000
Subject: [Bug libc/5545] Potential buffer overflow in sunrpc/clnt_perr.c
References: <20080105102940.5545.martin@gerbershagen-pfn.de>
Reply-to: sourceware-bugzilla at sourceware dot org

------- Additional Comments From martin at gerbershagen-pfn dot de  2008-01-05 10:34 -------
Created an attachment (id=2173)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=2173&action=view)
Patch to fix the problem.

The provided patch fixes the problem. The idea is to truncate the user supplied
msg to 128 bytes to leave enough room for the rpc message that is appended
afterwards and a strict control of the message end to avoid any buffer
overflow. The patch also works for the latest version of clnt_perr.c in glibc
2.7.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=5545

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

References:
- [Bug libc/5545] New: Potential buffer overflow in sunrpc/clnt_perr.c
  - From: martin at gerbershagen-pfn dot de

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]