crash from invalid memset
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libcommoncpp2 (Debian) | Fix Released | Unknown | | |
libcommoncpp2 (Ubuntu) | Incomplete | Undecided | Unassigned | |
Bug Description
When using commoncpp2 on 64-bit systems (as SFLphone does), if gethostbyname fails, libcommoncpp2 will cause a buffer overflow by doing an incorrect memset.
The memset in the buggy version is called using sizeof(ipaddr), where ipaddr is a pointer. What is intended is sizeof(struct inaddr), the type to which ipaddr points. The reason this bug only manifests itself on 64-bit systems is that sizeof(pointer) > sizeof(struct inaddr), whereas on 32-bit systems they are equal.
This has since been corrected upstream in commoncpp, but the bug remains in the libcommoncpp2 package. This affects SFLphone and any other application which depends on commoncpp.
This was previously reported to Debian:
http://
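The sizing mistake described in the report above, reproduced in isolation as an added example (not code from libcommoncpp2 or its patch). It assumes the report's "struct inaddr" is POSIX `struct in_addr`; `struct slot`, its guard bytes and the function names are constructed for illustration.

```c
#include <netinet/in.h>   /* struct in_addr (POSIX) */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GUARD_LEN  12
#define GUARD_BYTE 0xAA

/* Constructed layout: guard[] stands in for whatever follows the address. */
struct slot {
    struct in_addr addr;
    unsigned char  guard[GUARD_LEN];
};

/* Pattern from the report: the length is the size of the pointer itself. */
static void clear_buggy(struct in_addr *ipaddr)
{
    size_t n = sizeof(ipaddr);   /* 8 on LP64, 4 on ILP32 */
    memset(ipaddr, 0, n);
}

/* Corrected form: the length is the size of the pointed-to object. */
static void clear_fixed(struct in_addr *ipaddr)
{
    memset(ipaddr, 0, sizeof(*ipaddr));
}

/* Run one routine on a fresh slot; return how many guard bytes it overwrote. */
static size_t guard_bytes_clobbered(void (*clear)(struct in_addr *))
{
    struct slot s;
    size_t i, hit = 0;

    memset(&s, GUARD_BYTE, sizeof(s));
    clear(&s.addr);
    for (i = 0; i < GUARD_LEN; i++)
        if (s.guard[i] != GUARD_BYTE)
            hit++;
    return hit;
}

int main(void)
{
    printf("sizeof(pointer)=%zu sizeof(struct in_addr)=%zu\n",
           sizeof(struct in_addr *), sizeof(struct in_addr));
    printf("buggy overwrote %zu guard bytes\n", guard_bytes_clobbered(clear_buggy));
    printf("fixed overwrote %zu guard bytes\n", guard_bytes_clobbered(clear_fixed));
    return 0;
}
```

Compiling with `-Wall` on GCC or Clang flags the original one-line form, `memset(ipaddr, 0, sizeof(ipaddr))`, through `-Wsizeof-pointer-memaccess`.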
Related branches
- James Page: Needs Fixing
- Ubuntu branches: Pending requested
- Diff: 44 lines (+24/-0), 3 files modified
  - debian/changelog (+8/-0)
  - debian/patches/inaddr-overflow.patch (+15/-0)
  - debian/patches/series (+1/-0)
Changed in libcommoncpp2 (Debian): status: Unknown → New
Changed in libcommoncpp2 (Debian): status: New → Fix Released
The attachment "patch with corrected memset call" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]