Mailinglist Archive: opensuse-bugs (4297 mails)

< Previous Next >
[Bug 1041840] New: Buffer overflow in /usr/bin/initviocons
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 30 May 2017 21:01:42 +0000
  • Message-id: <bug-1041840-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1041840


Bug ID: 1041840
Summary: Buffer overflow in /usr/bin/initviocons
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: x86-64
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
Assignee: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
Reporter: daniel@xxxxxxxxxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

To reproduce this bug:

/usr/bin/initviocons -F `perl -e 'print "A" x 8192'`

in main.c, main() function:

char device[128] = "";
...
...
...
case 'F': sprintf(device, "%s", optarg); break;

Changing to snprintf should resolve this.

Kind regards,
Daniel Roberson

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >