From kerberos-acl@MIT.EDU Thu Oct 28 15:30:20 1999
Message-Id: <199910281925.PAA29691@mint-square.mit.edu>
Date: Thu, 28 Oct 1999 15:25:57 -0400
From: Kev <klmitch@MIT.EDU>
To: krb5-bugs@MIT.EDU
Subject: default_com_err_proc possible overflow?

>Number: 781
>Category: krb5-libs
>Synopsis: default_com_err_proc possible overflow?
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Oct 28 15:31:01 EDT 1999
>Last-Modified: Tue Feb 22 16:39:58 EST 2000
>Originator: Kev <klmitch@MIT.EDU>
>Organization:
>Release:
>Environment:
>Description:
In default_com_err_proc(), we have the following code:

------- Begin code snippet, src/util/et/com_err.c

#if defined(_MSDOS) || defined(_WIN32) || defined(macintosh)

    char errbuf[1024] = "";

    if (whoami) {
        strcat (errbuf, whoami);
        strcat (errbuf, ": ");
    }
    if (code) {
        strcat (errbuf, error_message(code));
        strcat (errbuf, " ");
    }
    if (fmt)
        vsprintf (errbuf + strlen (errbuf), fmt, ap);

------- End code snippet

This could potentially result in overflows. This is from the 1.1 sources;
I couldn't manage to grab the cvs sources...
--
Kevin L. Mitchell <klmitch@mit.edu>
------------------------- -. .---- --.. ..- -..- --------------------------
http://web.mit.edu/klmitch/www/ (PGP keys available from here)
RSA AE87D37D/1024: DE EA 1E 99 3F 2B F9 23 A0 D8 05 E0 6F BA B9 D2
DSS ED0DB34E/1024: D9BF 0E74 FDCB 43F5 C597 878F 9455 EC24 ED0D B34E
DH 2A2C31D4/2048: 1A77 4BA5 9E32 14AE 87DA 9FEC 7106 FC62 2A2C 31D4

>How-To-Repeat:
>Fix:
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Tue Feb 22 16:39:48 2000
Responsible-Changed-Why:

reformat, set category

>Unformatted:
Subject: default_com_err_proc possible overflow
Yes, it does appear that this would have been an overflow, but it is
fixed in current sources so I'm closing out this bug.

Thanks for the report.
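
A bounded way to assemble the same message, as an added example that is not part of the original report and is not the change made in the krb5 sources. `format_err`, `advance` and the `msg` parameter (standing in for the string `error_message(code)` returns) are hypothetical names, and C99 `snprintf`/`vsnprintf` return-value semantics are assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Record one snprintf-style result n written at offset *used.
 * Returns 0 if it fit, 1 if output was truncated, -1 on error. */
static int advance(int n, size_t size, size_t *used)
{
    if (n < 0)
        return -1;
    if ((size_t)n >= size - *used) {   /* would not fit: output was cut */
        *used = size - 1;
        return 1;
    }
    *used += (size_t)n;
    return 0;
}

/* Hypothetical helper, not from krb5: builds "whoami: msg <fmt output>"
 * in buf, never writing past buf[size - 1]. msg stands in for the string
 * error_message(code) returns. Same return values as advance(). */
int format_err(char *buf, size_t size, const char *whoami,
               const char *msg, const char *fmt, ...)
{
    size_t used = 0;
    int rc = 0;
    va_list ap;

    if (buf == NULL || size == 0)
        return -1;
    buf[0] = '\0';
    if (whoami)
        rc = advance(snprintf(buf, size, "%s: ", whoami), size, &used);
    if (rc == 0 && msg)
        rc = advance(snprintf(buf + used, size - used, "%s ", msg), size, &used);
    if (rc == 0 && fmt) {
        va_start(ap, fmt);
        rc = advance(vsnprintf(buf + used, size - used, fmt, ap), size, &used);
        va_end(ap);
    }
    return rc;
}

int main(void)
{
    char errbuf[1024];   /* same size as the buffer in the report */
    int rc = format_err(errbuf, sizeof errbuf, "kinit",
                        "Constructed sample error", "while reading %s", "/tmp/example");
    printf("%d: %s\n", rc, errbuf);
    return 0;
}
```

A return value of 1 tells the caller the message was cut at the buffer boundary, a case the `strcat`/`vsprintf` sequence cannot detect.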