This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/199] New: memory buffer overrun in rare case

From: "miles at cray dot com" <sourceware-bugzilla at sources dot redhat dot com>
To: glibc-bugs at sources dot redhat dot com
Date: 2 Jun 2004 22:59:17 -0000
Subject: [Bug libc/199] New: memory buffer overrun in rare case
Reply-to: sourceware-bugzilla at sources dot redhat dot com

In __md5_crypt, static variable buflen is set to needed even if realloc fails. 
A later call to this routine will have buflen be too large, and
could cause a write of the end of buf.
 
old version:
      buflen = needed;
 
      new_buffer = (char *) realloc (buffer, buflen);
      if (new_buffer == NULL)
        return NULL;
 
fixed version:

      new_buffer = (char *) realloc (buffer, needed);
      if (new_buffer == NULL)
        return NULL;
 
      buflen = needed;

-- 
           Summary: memory buffer overrun in rare case
           Product: glibc
           Version: 2.3.2
            Status: NEW
          Severity: minor
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: miles at cray dot com
                CC: glibc-bugs at sources dot redhat dot com


http://sources.redhat.com/bugzilla/show_bug.cgi?id=199

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Follow-Ups:
- [Bug libc/199] memory buffer overrun in rare case
  - From: jakub at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]