Package: apt
Version: 1.0.9.4
Severity: normal
tags: security
In apt-inst/extract.cc, this code appears:
> if (Res.length() > sizeof(FileName))
>    return _error->Error(_("The path %s is too long"),Res.c_str());
> if (Debug == true)
>    clog << "Followed conf file from " << FileName << " to " << Res << endl;
> Itm.Name = strcpy(FileName,Res.c_str());
"if (Res.length() > sizeof(FileName))" should either be
"if (Res.length() >= sizeof(FileName))", or
"if (Res.length() > sizeof(FileName - 1))".
Thanks,
--
-- Joshua Rogers <https://internot.info/>
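The boundary case from the report above, as an added example that is not part of the original message or of apt's code: it compares the quoted length check with the suggested ">=" form and counts the bytes strcpy() would write, without performing the out-of-bounds write. The 8-byte buffer size (kBufSize) and all function names are assumptions made for the illustration; the report does not give the real size of FileName.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Constructed buffer size for the demonstration (not apt's real value).
static const size_t kBufSize = 8;

// Check as quoted in the report: only lengths strictly greater are rejected.
static bool fits_reported(const std::string &res, size_t bufsize) {
    return !(res.length() > bufsize);
}

// Check with the suggested ">=": one byte stays reserved for the NUL.
static bool fits_corrected(const std::string &res, size_t bufsize) {
    return !(res.length() >= bufsize);
}

// Number of bytes strcpy() would write past the end of the buffer if the
// given check accepts the string (characters plus the terminating NUL).
static size_t overflow_bytes(bool (*check)(const std::string &, size_t),
                             const std::string &res, size_t bufsize) {
    if (!check(res, bufsize))
        return 0;                          // rejected, nothing is copied
    size_t written = res.length() + 1;     // strcpy also copies the NUL
    return written > bufsize ? written - bufsize : 0;
}

// Bounded copy built on the corrected check; returns true only if the
// string, including its NUL, was copied into the local buffer intact.
static bool try_copy(const std::string &res) {
    char buf[kBufSize];
    if (!fits_corrected(res, sizeof(buf)))
        return false;
    std::memcpy(buf, res.c_str(), res.length() + 1);
    return res == buf;
}

int main() {
    std::string exact(kBufSize, 'a');      // length == sizeof(buffer)
    std::cout << "reported check overflows by "
              << overflow_bytes(fits_reported, exact, kBufSize) << " byte(s)\n"
              << "corrected check overflows by "
              << overflow_bytes(fits_corrected, exact, kBufSize) << " byte(s)\n"
              << "bounded copy accepted: " << try_copy(exact) << "\n";
    return 0;
}
```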