http://bugzilla.novell.com/show_bug.cgi?id=588325 http://bugzilla.novell.com/show_bug.cgi?id=588325#c1 --- Comment #1 from Sebastian Krahmer <krahmer@novell.com> 2010-04-07 09:56:04 UTC --- Use this patch at least, fixing buffer overflow: --- lockdev-1.0.3_git201003141408/src/lockdev.c 2010-03-14 15:08:35.000000000 +0100 +++ lockdev-1.0.3_git201003141408.new/src/lockdev.c 2010-04-07 10:56:42.000000000 +0200 @@ -497,7 +497,7 @@ } if ( strcmp( p, "tty") == 0 ) p = ttyname( 0); /* this terminal, if it exists */ - if (((l = strlen(p)) == 0) || (l > (MAXPATHLEN - strlen(LOCK_PATH)))) + if (((l = strlen(p)) == 0) || (l >= (MAXPATHLEN - strlen(LOCK_PATH)) - strlen("/LCK..."))) return NULL; if ((m = malloc(++l)) == NULL) return NULL; -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.