Menu

#11 buffer overflows in basic authenticator code

DS-1.2
open-fixed
adaher
Authentication (3)
5
2005-12-20
2005-05-12
calpaugh
No

in the BasicAuthenticator constructor there is a buffer
overflow. m_pchEncodingScheme does not allocate
enough space to account the null terminator.

in BasicAuthenticator::buildCredential() the character
buffer credString does not allocate enough space to
contain the credential information.

Discussion

  • ddixson73

    ddixson73 - 2005-12-19
    • assigned_to: nobody --> abdelkarim
     

  • adaher

    adaher - 2005-12-20
    • status: open --> open-fixed
     

  • adaher

    adaher - 2005-12-20

    Logged In: YES
    user_id=1357631

    Description of the Patch
    SCTS: BUFFER OVERFLOWS IN BASIC AUTHENTICATOR CODE
    Buffer overflows in basic authenticator code in the
    BasicAuthenticator constructor there is a buffer overflow.
    m_pchEncodingScheme does not allocate enough space to
    account the null terminator in
    BasicAuthenticator::buildCredential() the character buffer
    credString does
    not allocate enough space to contain the credential
    information.

    Short overview of how the patch works
    /SyncMLConformanceTestSuite/Authentication

    BasicAuthenticator.cpp
    - Increase the size of the buffer m_pchEncodingScheme

    Testing Performed:
    Yes

     

  • adaher

    adaher - 2005-12-20
     
    diff-BasicAuthenticator-cpp.txt

Log in to post a comment.