
Mailing List Archive: GnuPG: devel

[PATCH] avoid buffer strncpy-induced buffer overrun


jim at meyering

Apr 25, 2012, 8:42 AM


* dirmngr/crlcache.c (open_dir): Ensure that both this_update
and next_update member strings are NUL-terminated.
---
this_update and next_update are sometimes expected to
be NUL-terminated strings, we must ensure it here.
Otherwise, the readers may access beyond the end of those buffers.

dirmngr/crlcache.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index edf3837..768d446 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -587,8 +587,14 @@ open_dir (crl_cache_t *r_cache)
case 2: entry->issuer_hash = p; break;
case 3: entry->issuer = unpercent_string (p); break;
case 4: entry->url = unpercent_string (p); break;
- case 5: strncpy (entry->this_update, p, 15); break;
- case 6: strncpy (entry->next_update, p, 15); break;
+ case 5:
+ strncpy (entry->this_update, p, 15);
+ entry->this_update[15] = 0;
+ break;
+ case 6:
+ strncpy (entry->next_update, p, 15);
+ entry->next_update[15] = 0;
+ break;
case 7: entry->dbfile_hash = p; break;
case 8: if (*p) entry->crl_number = p; break;
case 9:
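
Review bot: in cases 5 and 6 the literal 15 is used twice per field, once as the strncpy length and once as the terminator index, and the store to index 15 is in bounds only if this_update and next_update hold at least 16 bytes, which this hunk does not show. Assuming both members are arrays, derive the bound from the declaration instead, e.g. `strncpy (entry->this_update, p, sizeof entry->this_update - 1);` followed by `entry->this_update[sizeof entry->this_update - 1] = 0;`, so the copy and the terminator stay correct if the array size changes. Also note that a field longer than 15 bytes is still truncated silently; if a longer timestamp in the cache file indicates a malformed entry, consider checking strlen (p) here and rejecting the entry rather than storing a shortened value.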
--
1.7.10.335.g879d8

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
