The Samba-Bugzilla – Attachment 7167 Details for
Bug 8654
link-by-hash: Fix (non-exploitable) buffer overflow
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
link-by-hash: Fix (non-exploitable) buffer overflow
0001-Fix-overflow-of-hash-buffer.patch (text/plain), 937 bytes, created by
Chris Dunlop
on 2011-12-12 02:50:29 UTC
(
hide
)
Description:
link-by-hash: Fix (non-exploitable) buffer overflow
Filename:
MIME Type:
Creator:
Chris Dunlop
Created:
2011-12-12 02:50:29 UTC
Size:
937 bytes
patch
obsolete
>From 3ecad6fd4f17e64b78b0a8c583ad8568e66dec00 Mon Sep 17 00:00:00 2001 >From: Chris Dunlop <chris@onthe.net.au> >Date: Mon, 12 Dec 2011 13:33:41 +1100 >Subject: [PATCH] Fix overflow of 'hash' buffer > >The text version of the hash requires an extra character for the '/' and >another for the trailing null. > >Note: the original overflow is non-exploitable as it harmlessly >overwrites the following dst variable with a null just before using >asprintf() to set the dst variable again. > >Signed-off-by: Chris Dunlop <chris@onthe.net.au> >--- > hashlink.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/hashlink.c b/hashlink.c >index 15e2a73..12cc39b 100644 >--- a/hashlink.c >+++ b/hashlink.c >@@ -26,7 +26,7 @@ extern char *link_by_hash_dir; > > char *make_hash_name(struct file_struct *file) > { >- char hash[33], *dst; >+ char hash[(MAX_DIGEST_LEN * 2) + 2], *dst; > uchar c, *src = (uchar*)F_SUM(file); > int i; > >-- >1.7.0.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7167">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 8654
: 7167 |
7168
|
7169
|
7170
|
7173
|
7174
|
7175
|
7176
|
7177
|
7202