Bug 87716 - [patch] tests: buffer overwrite
Summary: [patch] tests: buffer overwrite
Status: RESOLVED FIXED
Alias: None
Product: PolicyKit
Classification: Unclassified
Component: daemon (show other bugs)
Version: unspecified
Hardware: All All
: medium normal
Assignee: David Zeuthen (not reading bugmail)
QA Contact: David Zeuthen (not reading bugmail)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-25 19:28 UTC by Joshua Rogers
Modified: 2018-04-03 18:32 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:


Attachments
0001-tests-Correct-boundary-test-for-overflow.patch (892 bytes, patch)
2015-06-03 20:35 UTC, Colin Walters
Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Joshua Rogers 2014-12-25 19:28:54 UTC
Hi,

In /test/mocklibc/src/netgroup.c on line 336 there is a buffer overwrite:



329      if (iter->depth > NETGROUP_MAX_DEPTH) {
330        iter->depth = -1;

NETGROUP_MAX_DEPTH is 32

[..]
336      iter->stack[iter->depth] = child;


Thanks
Comment 1 Colin Walters 2015-06-03 20:35:39 UTC
Created attachment 116270 [details] [review]
0001-tests-Correct-boundary-test-for-overflow.patch

Also filed this upstream as https://code.google.com/p/mocklibc/issues/detail?id=4&thanks=4&ts=1433363719
Comment 2 Ray Strode [halfline] 2018-04-03 18:32:02 UTC
Upstream hasn't seen any movement, but the fix seems right, so
pushing it now.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.