Bug#507103: xdkcal: buffer overflow when handling environmental variables

To: submit@bugs.debian.org
Subject: Bug#507103: xdkcal: buffer overflow when handling environmental variables
From: Raphael Geissert <atomo64@gmail.com>
Date: Thu, 27 Nov 2008 21:16:00 -0600
Message-id: <[🔎] 200811272116.05964.atomo64@gmail.com>
Reply-to: Raphael Geissert <atomo64@gmail.com>, 507103@bugs.debian.org

Package: xdkcal
Version: 0.9d-2.2
Severity: normal

Hi,

While scanning some packages I found the following piece of code which leads 
to a buffer overflow when an overly long HOME env var is used.

Affected code:
> FILE *init_file(char *mode)
> {
>     char file[512];
>     FILE *fp;
>
>     strcpy(file,getenv("HOME"));

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: Salut mon ami!
Next by Date: Bug#471121: xli: resource leaks leads to denial of service of X
Previous by thread: Salut mon ami!
Next by thread: Bug#471121: marked as done (xli: resource leaks leads to denial of service of X)
Index(es):
- Date
- Thread