https://bugzilla.novell.com/show_bug.cgi?id=472773
User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=472773#c1
Pavol Rusnak changed:
           What|Removed                     |Added
----------------------------------------------------------------------------
         Status|NEW                         |NEEDINFO
  Info Provider|                            |lnussel@novell.com
--- Comment #1 from Pavol Rusnak 2009-02-05 03:54:52 MST ---
Before the fix (KEY_MAX = 0x1FF = 511):
ioctl(fd, EVIOCGBIT(i, KEY_MAX), bit[i]);
(even though kernel limits output to 64 bytes)
After the fix - sizeof(bit[i]) = 8:
ioctl(fd, EVIOCGBIT(i, sizeof(bit[i])), bit[i]);
Ludwig: Is it sufficient to fix it only in Factory, or do you want to fix SLE11 too
(or even release an update for 11.1)? Even after kernel intervention it still
seems like a buffer overflow to me.
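The length argument discussed in the comment above, worked through as an added example (not code from the bug report or the affected package). The `PAGE_*` constants are the values quoted in the comment, and `evbit_max_write`, `evbit_overrun` and `evbit_query` are hypothetical helper names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <linux/input.h>

/* Values quoted in the comment above, not taken from current kernel headers. */
#define PAGE_KEY_MAX    0x1FF /* 511, passed as the length before the fix */
#define PAGE_KERNEL_CAP 64    /* bytes the kernel copies at most, per the comment */
#define PAGE_ROW_SIZE   8     /* sizeof(bit[i]), per the comment */

/* Worst-case bytes the kernel writes: the length encoded in the request
 * number, capped by the size of the kernel's own bitmap. */
static size_t evbit_max_write(unsigned long request, size_t kernel_cap)
{
    size_t asked = _IOC_SIZE(request);
    return asked < kernel_cap ? asked : kernel_cap;
}

/* Bytes that land past the end of a buf_size-byte buffer (0 means it fits). */
static size_t evbit_overrun(unsigned long request, size_t kernel_cap,
                            size_t buf_size)
{
    size_t written = evbit_max_write(request, kernel_cap);
    return written > buf_size ? written - buf_size : 0;
}

/* Hypothetical wrapper: the length always comes from the destination buffer,
 * so the request can never ask for more than the buffer holds. */
static int evbit_query(int fd, unsigned int ev, void *buf, size_t buf_size)
{
    if (buf == NULL || buf_size == 0 || buf_size > _IOC_SIZEMASK) {
        errno = EINVAL;
        return -1;
    }
    return ioctl(fd, EVIOCGBIT(ev, buf_size), buf);
}

int main(void)
{
    unsigned char row[PAGE_ROW_SIZE]; /* constructed stand-in for bit[i] */
    printf("before the fix: %zu bytes past the buffer\n",
           evbit_overrun(EVIOCGBIT(EV_KEY, PAGE_KEY_MAX), PAGE_KERNEL_CAP, sizeof row));
    printf("after the fix:  %zu bytes past the buffer\n",
           evbit_overrun(EVIOCGBIT(EV_KEY, sizeof row), PAGE_KERNEL_CAP, sizeof row));
    /* fd -1 is invalid, so this only exercises the call path and fails cleanly. */
    return evbit_query(-1, EV_KEY, row, sizeof row) == -1 ? 0 : 1;
}
```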