Menu

#1286 LOG: String copy without length check or check if string

5.1.FC
fixed
nobody
None
defect
log
-
4.4
major
False
2017-05-22
2015-03-26
elunlen
No

When standby receives checkpointing for a log record write the received name of logFileCurrent is copied to the stream info This is done using strcpy. At least length check must be done in case the in data is garbage. May cause segv
See function ckpt_proc_log_write() in lgs_mbcsv.c

Discussion

  • Mathi Naickan

    Mathi Naickan - 2015-03-31
    • Milestone: 4.4.2 --> 4.5.2
     

  • Mathi Naickan

    Mathi Naickan - 2015-03-31
    • Milestone: 4.5.2 --> 4.7-Tentative
     

  • Anders Bjornerstedt

    Anders Bjornerstedt - 2015-04-10
    • Milestone: 4.7-Tentative --> 4.5.1
     

  • Mathi Naickan

    Mathi Naickan - 2015-04-10
    • Milestone: 4.5.1 --> 4.5.2
     

  • Anders Widell

    Anders Widell - 2015-11-02
    • Milestone: 4.5.2 --> 4.6.2
     

  • Mathi Naickan

    Mathi Naickan - 2016-05-04
    • Milestone: 4.6.2 --> 4.7.2
     

  • Anders Widell

    Anders Widell - 2016-09-20
    • Milestone: 4.7.2 --> 5.0.2
     

  • Anders Widell

    Anders Widell - 2017-04-03
    • Milestone: 5.0.2 --> future
     

  • Vu Minh Nguyen

    Vu Minh Nguyen - 2017-05-22
    • status: unassigned --> fixed
    • Blocker: --> False
    • Milestone: future --> 5.1.FC
     

  • Vu Minh Nguyen

    Vu Minh Nguyen - 2017-05-22

    Fixed in enhacement ticket [#1315] since OpenSAF 5.1 release.

     

    Related

    Tickets: #1315

Log in to post a comment.

MongoDB Logo MongoDB