Hi Ulf!
Ulf Härnhammar wrote:
> I have discovered a potential crash bug in sysklogd. The klogd daemon
> doesn't handle really malformed System.map files very well. It has
> two fscanf() calls with "%s" format strings that store to char
> sym[512] arrays. This causes a crash if the string field in the
> file is longer than that.
>
> Despite being a buffer overflow, this is not a security problem, as
> only root can change the System.map file. Nevertheless, I think it
> is worth fixing, as the Right Thing for a program should be not to
> assume anything about its input and to handle various problems well.
>
> I have attached the first few lines of a System.map file that causes
> this problem, as well as a patch against sysklogd-1.4.1.
You are correct. Thanks a lot. Patch applied.
Regards,
Joey
--
WARNING: Do not execute! This call violates patent DE10108564.
http://www.elug.de/projekte/patent-party/patente/DE10108564
wget -O patinfo-`date +"%Y%m%d"`.html http://patinfo.ffii.org/

Received on Fri, 16 Jul 2004 08:51:03 +0200
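The class of fix the report calls for, as an added example (this is not the attached patch, which is not reproduced in this archive, and not sysklogd code): a width-bounded `%511s` conversion that also rejects an over-long symbol instead of silently truncating it. The "address type symbol" record layout, the function names and the sample data are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#define SYM_MAX 512 /* sym[512] as in the report; "%511s" leaves room for the NUL */

/* Read one "address type symbol" record (assumed layout). Returns 1 on success,
 * 0 at end of file, -1 for a malformed or over-long record (rest of line skipped). */
static int read_map_entry(FILE *fp, unsigned long *addr, char *type, char *sym)
{
    int n = fscanf(fp, "%lx %c %511s", addr, type, sym);
    if (n == EOF)
        return 0;
    int c = fgetc(fp);
    /* A non-space byte right after the symbol means it was cut off at 511 bytes. */
    int truncated = (n == 3 && c != EOF && !isspace(c));
    while (c != EOF && c != '\n')
        c = fgetc(fp);
    return (n == 3 && !truncated) ? 1 : -1;
}

/* Parse a whole stream: returns the accepted count, stores the rejected count. */
static int count_entries(FILE *fp, int *rejected)
{
    unsigned long addr;
    char type, sym[SYM_MAX];
    int r, good = 0;
    *rejected = 0;
    while ((r = read_map_entry(fp, &addr, &type, sym)) != 0)
        if (r > 0) good++; else (*rejected)++;
    return good;
}

/* Constructed sample: two valid records around one with a 2000-byte symbol. */
static FILE *make_sample(void)
{
    FILE *fp = tmpfile();
    if (!fp) return NULL;
    fputs("c0100000 T _stext\nc0100100 T ", fp);
    for (int i = 0; i < 2000; i++) fputc('A', fp);
    fputs("\nc0100200 t do_exit\n", fp);
    rewind(fp);
    return fp;
}

int main(void)
{
    int rejected = 0;
    FILE *fp = make_sample();
    if (!fp) return 1;
    printf("accepted=%d ", count_entries(fp, &rejected));
    printf("rejected=%d\n", rejected);
    return fclose(fp);
}
```

With an unbounded `"%s"` the 2000-byte field would be written past the end of `sym`; here it is counted as rejected and parsing resumes at the next line.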