FS#442 - PATCH: Fix buffer overflow in Pacman
Attached to Project:
Pacman
Opened by Indan Zupancic (i3839) - Sunday, 08 February 2004, 00:57 GMT
Last edited by Judd Vinet (judd) - Sunday, 08 February 2004, 06:15 GMT
Details
In pacman.c version 2.7.3, strlen is used, forgetting that
strlen returns the length of the string without the
terminating 0, thus allocating a buffer strlen + 1 gives you
the actual size.
I think that using realloc would be better in this case, but that is another issue. patch: --- pacman.c 2004-02-08 00:02:04.000000000 +0100 +++ pacman.c.iz 2004-02-08 00:02:44.000000000 +0100 @@ -178,7 +178,7 @@ /* check for db existence */ /* add a trailing '/' if there isn't one */ if(pmo_root[strlen(pmo_root)-1] != '/') { - MALLOC(ptr, strlen(pmo_root)+1); + MALLOC(ptr, strlen(pmo_root)+2); strcpy(ptr, pmo_root); strcat(ptr, "/"); FREE(pmo_root); |
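Review bot: The unchanged context line `if(pmo_root[strlen(pmo_root)-1] != '/')` still reads pmo_root[-1] if pmo_root can ever be an empty string, so the check should be guarded on a non-zero length before the index is computed. The new size of strlen(pmo_root)+2 is right for the strcpy followed by strcat of "/": strlen(pmo_root) bytes for the path, one for the '/', and one for the terminating 0. Computing the length once into a local variable and using it for the trailing-slash test and for the MALLOC size would make the sizing easier to audit and avoid the repeated strlen calls.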