This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/5545] Potential buffer overflow in sunrpc/clnt_perr.c
- From: "martin at gerbershagen-pfn dot de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 5 Jan 2008 10:34:08 -0000
- Subject: [Bug libc/5545] Potential buffer overflow in sunrpc/clnt_perr.c
- References: <20080105102940.5545.martin@gerbershagen-pfn.de>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From martin at gerbershagen-pfn dot de 2008-01-05 10:34 -------
Created an attachment (id=2173)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=2173&action=view)
Patch to fix the problem.
The provided patch fixes the problem. The idea is to truncate the user supplied
msg to 128 bytes to leave enough room for the rpc message that is appended
afterwards and a strict control of the message end to avoid any buffer
overflow. The patch also works for the latest version of clnt_perr.c in glibc
2.7.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=5545
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.