[sleuthkit-developers] [ sleuthkit-Bugs-3516866 ] Potential Buffer overflow found by gcc 4.7
From: SourceForge.net <no...@so...> - 2012-04-11 14:50:57
Bugs item #3516866, was opened at 2012-04-11 07:50 Message generated for change (Tracker Item Submitted) made by gregfreemyer You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=3516866&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Tools Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Greg (gregfreemyer) Assigned to: Nobody/Anonymous (nobody) Summary: Potential Buffer overflow found by gcc 4.7 Initial Comment: The below code adjusts the starting location of a snprintf as a string is built, but not the max. length of the string. --- sleuthkit-3.2.3.orig/tsk3/fs/ext2fs.c +++ sleuthkit-3.2.3/tsk3/fs/ext2fs.c @@ -1519,23 +1519,23 @@ ext2fs_make_acl_str(char *str, int len, int i = 0; if (perm & EXT2_PACL_PERM_READ) { - snprintf(&str[i], len - 1, "Read"); + snprintf(&str[i], len - i - 1, "Read"); i += 4; } if (perm & EXT2_PACL_PERM_WRITE) { if (i) { - snprintf(&str[i], len - 1, ", "); + snprintf(&str[i], len - i - 1, ", "); i += 2; } - snprintf(&str[i], len - 1, "Write"); + snprintf(&str[i], len - i - 1, "Write"); i += 5; } if (perm & EXT2_PACL_PERM_EXEC) { if (i) { - snprintf(&str[i], len - 1, ", "); + snprintf(&str[i], len - i - 1, ", "); i += 2; } - snprintf(&str[i], len - 1, "Execute"); + snprintf(&str[i], len - i - 1, "Execute"); i += 7; } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=3516866&group_id=55685 |
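Review bot: In every changed call of `ext2fs_make_acl_str`, the new size `len - i - 1` is computed in `int` and can go negative when the caller's `len` is shorter than the string being built, because `i` is advanced by the fixed constants (`i += 4`, `i += 2`, `i += 5`, `i += 7`) whether or not the preceding `snprintf` truncated its output. A negative value converts to a very large `size_t` when passed as the size argument, and `&str[i]` may by then point past the end of the buffer, so for a small `len` the write is still unbounded. Suggest checking the remaining space before each step (for example, stop once `i >= len - 1`), or advancing `i` by the checked return value of `snprintf` instead of a constant. Separately, the `- 1` is not needed for safety, since the size passed to `snprintf` already includes the terminating NUL; it only costs one usable byte.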