#51015 Ticket 51014 - slapi_pal.c possible static buffer overflow
Closed 3 years ago by spichugi. Opened 3 years ago by firstyear.
firstyear/389-ds-base 51014-slapi-pal-overflow  into  master

@@ -126,7 +126,7 @@ 

  static char *

  _spal_cgroupv2_path() {

      FILE *f;

-     char s[256] = {0};

+     char s[MAXPATHLEN + 1] = {0};

      char *res = NULL;

      /* We discover our path by looking at /proc/self/cgroup */

      f = fopen("/proc/self/cgroup", "r");

Bug Description: Due to an incorrect use of a buffer size,
static analysis in suse detected a possible overflow in
slapi pal. However, it requires root permissions to exploit
anything, and thus is not a security issues.

Fix Description: Change the buffer we read the cgroup into
to be maxpathlen size.


Author: William Brown william@blackhats.net.au

Review by: ???

I will backport this to 1.4.2 as well :)

rebased onto a252a6f

3 years ago

Pull-Request has been merged by firstyear

3 years ago

To ssh://pagure.io/389-ds-base.git
877f628..b213ed4 389-ds-base-1.4.2 -> 389-ds-base-1.4.2

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/4068

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago