From: Hannes Reinecke <hare@suse.de>
To: christophe varoqui <christophe.varoqui@free.fr>
Cc: device-mapper development <dm-devel@redhat.com>,
Matthias Rudolph <Matthias.Rudolph@hds.com>
Subject: [PATCH] Fix string overflow in pp_hds_modular
Date: Mon, 06 Aug 2007 13:25:26 +0200 [thread overview]
Message-ID: <46B70526.2050408@suse.de> (raw)
[-- Attachment #1: Type: text/plain, Size: 354 bytes --]
Hi Christophe,
our build checker detected a string overflow in pp_hds_modular.
One shouldn't really write 9 bytes into a 8 byte string ...
Cheers,
Hannes
--
Dr. Hannes Reinecke zSeries & Storage
hare@suse.de +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)
[-- Attachment #2: multipath-tools-pp_hds_modular-buffer-overflow --]
[-- Type: text/plain, Size: 971 bytes --]
tree d0feb33b9e79f82c08ba54e3232ff74e3d0a3e92
parent 5ac8944b746a19c2c08e96d9c91c5b00eb0ef95e
author Hannes Reinecke <hare@suse.de> 1186052416 +0200
committer Hannes Reinecke <hare@suse.de> 1186052416 +0200
pp_hds_modular: Fix buffer overflow
'vendor' is defined to hold 8 bytes, yet snprintf tries to write 9 bytes
to it. Bad.
Signed-off-by: Hannes Reinecke <hare@suse.de>
a04c8abdc0da9556ac4ccedacef3ca41f0aceeb9
path_priority/pp_hds_modular/pp_hds_modular.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/path_priority/pp_hds_modular/pp_hds_modular.c b/path_priority/pp_hds_modular/pp_hds_modular.c
index 7411508..10b28b8 100644
--- a/path_priority/pp_hds_modular/pp_hds_modular.c
+++ b/path_priority/pp_hds_modular/pp_hds_modular.c
@@ -120,7 +120,7 @@ int main (int argc, char **argv)
int hds_modular_prio (const char *dev)
{
int sg_fd, k;
- char vendor[8];
+ char vendor[9];
char product[32];
char serial[32];
char ldev[32];
[-- Attachment #3: Type: text/plain, Size: 0 bytes --]
reply other threads:[~2007-08-06 11:25 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46B70526.2050408@suse.de \
--to=hare@suse.de \
--cc=Matthias.Rudolph@hds.com \
--cc=christophe.varoqui@free.fr \
--cc=dm-devel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.