[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#507103: xdkcal: buffer overflow when handling environmental variables

Package: xdkcal
Version: 0.9d-2.2
Severity: normal


While scanning some packages I found the following piece of code which leads 
to a buffer overflow when an overly long HOME env var is used.

Affected code:
> FILE *init_file(char *mode)
> {
>     char file[512];
>     FILE *fp;
>     strcpy(file,getenv("HOME"));

Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: