buffer overflow in values.c
Bug #485194 reported by
Raphael Geissert
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ureadahead |
Invalid
|
High
|
Unassigned | ||
ureadahead (Ubuntu) |
Fix Released
|
Low
|
Kees Cook |
Bug Description
The get_value and set_value functions both set the null character at buf[len], but len can be up to sizeof buf, which results in a buffer overflow.
In practice this seems unlikely, if not impossible, to have any effect as the files these functions operate on only contain one or a couple of bytes. Nevertheless, it is a bug.
Related branches
Changed in ureadahead: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in ureadahead (Ubuntu): | |
assignee: | nobody → Kees Cook (kees) |
importance: | High → Low |
status: | Triaged → Fix Committed |
To post a comment you must log in.
Moved to Ubuntu bug tracker