389-ds-base

Clone
Source Code
GIT

#51015 Ticket 51014 - slapi_pal.c possible static buffer overflow
Closed 3 years ago by spichugi. Opened 4 years ago by firstyear.
firstyear/389-ds-base 51014-slapi-pal-overflow  into  master

file modified
+1 -1 
@@ -126,7 +126,7 @@ 
 

  static char *
 

  _spal_cgroupv2_path() {
 

      FILE *f;
 

-     char s[256] = {0};
 

+     char s[MAXPATHLEN + 1] = {0};
 

      char *res = NULL;
 

      /* We discover our path by looking at /proc/self/cgroup */
 

      f = fopen("/proc/self/cgroup", "r");

Bug Description: Due to an incorrect use of a buffer size,
static analysis in suse detected a possible overflow in
slapi pal. However, it requires root permissions to exploit
anything, and thus is not a security issues.

Fix Description: Change the buffer we read the cgroup into
to be maxpathlen size.

https://pagure.io/389-ds-base/issue/51014

Author: William Brown william@blackhats.net.au

Review by: ???

I will backport this to 1.4.2 as well :)

ACK

rebased onto a252a6f
4 years ago

Pull-Request has been merged by firstyear
4 years ago

To ssh://pagure.io/389-ds-base.git
877f628..b213ed4 389-ds-base-1.4.2 -> 389-ds-base-1.4.2

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/4068

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi
3 years ago
Metadata
None
No Tags
Changes Summary 1
+1 -1
file changed
ldap/servers/slapd/slapi_pal.c
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.