Mailinglist Archive: opensuse-bugs (4724 mails)

< Previous Next >
[Bug 588325] AUDIT-0: lockdev
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 7 Apr 2010 09:56:05 +0000
  • Message-id: <20100407095605.90DF9245467@xxxxxxxxxxxxxxxxxxxxxx>
http://bugzilla.novell.com/show_bug.cgi?id=588325

http://bugzilla.novell.com/show_bug.cgi?id=588325#c1


--- Comment #1 from Sebastian Krahmer <krahmer@xxxxxxxxxx> 2010-04-07 09:56:04
UTC ---
Use this patch at least, fixing buffer overflow:

--- lockdev-1.0.3_git201003141408/src/lockdev.c 2010-03-14 15:08:35.000000000
+0100
+++ lockdev-1.0.3_git201003141408.new/src/lockdev.c 2010-04-07
10:56:42.000000000 +0200
@@ -497,7 +497,7 @@
}
if ( strcmp( p, "tty") == 0 )
p = ttyname( 0); /* this terminal, if it exists */
- if (((l = strlen(p)) == 0) || (l > (MAXPATHLEN - strlen(LOCK_PATH))))
+ if (((l = strlen(p)) == 0) || (l >= (MAXPATHLEN - strlen(LOCK_PATH)) -
strlen("/LCK...")))
return NULL;
if ((m = malloc(++l)) == NULL)
return NULL;

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >