[sleuthkit-developers] [ sleuthkit-Bugs-3516866 ] Potential Buffer overflow found by gcc 4.7
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-developers] [ sleuthkit-Bugs-3516866 ] Potential Buffer overflow found by gcc 4.7
|
From: SourceForge.net <no...@so...> - 2012-04-12 13:21:23
|
Bugs item #3516866, was opened at 2012-04-11 07:50 Message generated for change (Comment added) made by carrier You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=3516866&group_id=55685 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: File System Tools Group: None >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Greg (gregfreemyer) Assigned to: Nobody/Anonymous (nobody) Summary: Potential Buffer overflow found by gcc 4.7 Initial Comment: The below code adjusts the starting location of a snprintf as a string is built, but not the max. length of the string. --- sleuthkit-3.2.3.orig/tsk3/fs/ext2fs.c +++ sleuthkit-3.2.3/tsk3/fs/ext2fs.c @@ -1519,23 +1519,23 @@ ext2fs_make_acl_str(char *str, int len, int i = 0; if (perm & EXT2_PACL_PERM_READ) { - snprintf(&str[i], len - 1, "Read"); + snprintf(&str[i], len - i - 1, "Read"); i += 4; } if (perm & EXT2_PACL_PERM_WRITE) { if (i) { - snprintf(&str[i], len - 1, ", "); + snprintf(&str[i], len - i - 1, ", "); i += 2; } - snprintf(&str[i], len - 1, "Write"); + snprintf(&str[i], len - i - 1, "Write"); i += 5; } if (perm & EXT2_PACL_PERM_EXEC) { if (i) { - snprintf(&str[i], len - 1, ", "); + snprintf(&str[i], len - i - 1, ", "); i += 2; } - snprintf(&str[i], len - 1, "Execute"); + snprintf(&str[i], len - i - 1, "Execute"); i += 7; } } ---------------------------------------------------------------------- >Comment By: Brian Carrier (carrier) Date: 2012-04-12 06:21 Message: Fixed on master on github. [master 5648cc7] Fixed issue 3516866 of Ext2 sprintfs reported by gregfreemyer 1 files changed, 4 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=477889&aid=3516866&group_id=55685 |
