#540 Unchecked strncpy could lead to non-exploitable buffer overflow
Closed: Fixed None Opened 13 years ago by sgallagh.

From Coverity:

Calling strncpy with a maximum size argument of 108 bytes on destination array "addr.sun_path" of size 108 bytes might leave the destination string unterminated.
  507        strncpy(addr.sun_path, rctx->priv_sock_name, sizeof(addr.sun_path));

Appears twice in the set_unix_socket() function. It's highly unlikely to ever actually hit this overflow (as rctx->sock_name should never exceed 108 characters), but it's still a potential bug that should be fixed.
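
The Coverity finding above, as an added example that is not part of the original ticket and is not the SSSD fix from 75392c5: the flagged strncpy() pattern next to a length-checked copy that rejects a path that does not fit. The names fill_unix_addr and strncpy_leaves_unterminated are hypothetical, and the sample path is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not SSSD code): fill addr for a UNIX socket path.
 * Returns 0 on success; returns -1 with errno = ENAMETOOLONG when the path
 * plus its NUL terminator does not fit in sun_path, rather than truncating. */
int fill_unix_addr(struct sockaddr_un *addr, const char *path)
{
    size_t len = strlen(path);

    if (len >= sizeof(addr->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(addr, 0, sizeof(*addr));      /* zero-fill supplies the terminator */
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, len);
    return 0;
}

/* The flagged pattern, for comparison: returns 1 when sun_path holds no NUL
 * byte after strncpy() bounded by the full size of the array. */
int strncpy_leaves_unterminated(const char *path)
{
    struct sockaddr_un addr;

    memset(&addr, 0, sizeof(addr));
    strncpy(addr.sun_path, path, sizeof(addr.sun_path));
    return memchr(addr.sun_path, '\0', sizeof(addr.sun_path)) == NULL;
}

int main(void)
{
    struct sockaddr_un addr;
    char path[sizeof(addr.sun_path) + 1];    /* constructed sample input */

    memset(path, 'a', sizeof(path) - 1);
    path[sizeof(path) - 1] = '\0';           /* strlen == sizeof(sun_path) */
    printf("strncpy unterminated: %d\n", strncpy_leaves_unterminated(path));
    printf("checked copy returns: %d\n", fill_unix_addr(&addr, path));
    return 0;
}
```

Rejecting an oversized path keeps the socket from being bound or connected under a silently truncated name, which bounding strncpy() by sizeof(addr.sun_path) - 1 alone would not prevent.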


Fields changed

owner: somebody => sgallagh

Fields changed

status: new => assigned

Fixed by 75392c5

fixedin: => 1.2.1
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.2.1

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1582

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
