buffer overruns in pidfile handling

Bug #1119977 reported by Seth Arnold
Affects: vde2 (Ubuntu)
Status: Triaged
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

static void save_pidfile()
{
        if(pidfile[0] != '/')
                strncat(pidfile_path, pidfile, PATH_MAX - strlen(pidfile_path));
        else
                strcpy(pidfile_path, pidfile);

If programs with this definition are executed with -p <more than PATH_MAX chars>, the pidfile_path heap array is overflowed and undefined behavior, including potential security problems, can result.

This code is duplicated in the following files:

src/vde_autolink.c
src/vde_pcapplug.c
src/vde_plug2tap.c
src/wirefilter.c
src/kvde_switch/consmgmt.c
src/slirpvde/slirpvde.c
src/vde_switch/consmgmt.c

Seth Arnold (seth-arnold) wrote :
Changed in vde2 (Ubuntu):
status: New → Triaged
information type: Private Security → Public Security