
Off-By-One



Package: apt
Version: 1.0.9.4
Severity: normal
tags: security



In apt-inst/extract.cc, this code appears:

>       if (Res.length() > sizeof(FileName))
>          return _error->Error(_("The path %s is too long"),Res.c_str());
>       if (Debug == true)
>          clog << "Followed conf file from " << FileName << " to " << Res << endl;
>       Itm.Name = strcpy(FileName,Res.c_str());

"if (Res.length() > sizeof(FileName))" should either be "if
(Res.length() >= sizeof(FileName))", or "if (Res.length() >
sizeof(FileName - 1))".



Thanks,
-- 
-- Joshua Rogers <https://internot.info/>
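
The boundary case from the report above, worked through as an added example (not part of the original message and not apt's code): `strcpy` writes `Res.length() + 1` bytes, so a path whose length equals the buffer size passes the quoted check and puts the terminating NUL one byte past the end. The 16-byte buffer size and all function names here are assumptions made for the demonstration.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Constructed stand-in for the fixed-size FileName buffer. The report does not
// give the real size; 16 is an assumption that keeps the demo readable.
constexpr std::size_t kBufSize = 16;

// The check as quoted in the report: rejects only length > buffer size.
bool reported_check_accepts(const std::string &res) {
    return !(res.length() > kBufSize);
}

// The ">=" form suggested in the report. An equivalent spelling is
// length > sizeof(buf) - 1, with the subtraction outside the sizeof
// parentheses (sizeof(buf - 1) would measure a pointer, not the array).
bool fixed_check_accepts(const std::string &res) {
    return !(res.length() >= kBufSize);
}

// Bytes strcpy() would write beyond the buffer: characters plus the NUL,
// minus the capacity. 0 means the copy fits.
std::size_t overrun(const std::string &res) {
    std::size_t written = res.length() + 1;
    return written > kBufSize ? written - kBufSize : 0;
}

// Bounded copy: refuses any path that does not fit together with its NUL.
bool copy_path(char (&dst)[kBufSize], const std::string &res) {
    if (res.length() >= sizeof(dst))
        return false;
    std::memcpy(dst, res.c_str(), res.length() + 1);
    return true;
}

int main() {
    // Sweep the lengths around the boundary with constructed paths.
    for (std::size_t len : {kBufSize - 1, kBufSize, kBufSize + 1}) {
        std::string res(len, 'a');
        std::cout << "len=" << len
                  << " reported_check=" << reported_check_accepts(res)
                  << " fixed_check=" << fixed_check_accepts(res)
                  << " overrun_bytes=" << overrun(res) << '\n';
    }
    char buf[kBufSize];
    std::cout << "copy_path(len 16)=" << copy_path(buf, std::string(16, 'a')) << '\n';
    return 0;
}
```
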
