[Bug 301624] Re: icmake disables FORTIFY
Kees Cook
kees at ubuntu.com
Mon Nov 24 16:23:34 UTC 2008
hdr.version is defined as: char version[4]. "version" is extern, so the
length is unknown at compile time. At runtime, however, the problem
happens, as "version" is ultimately defined as "7.11.1" via rss/version.c
and /VERSION. This is a real overflow. I recommend the following patch to
for the moment until upstream has a better suggestion:
strncpy(hdr.version, version, sizeof(hdr.version));
this will leave the hdr.version unterminated, but based on other code that
tries to read it, this field appears to be evaluated not as a string, so
it's likely to be okay. If not, use:
strncpy(hdr.version, version, sizeof(hdr.version));
hdr.version[sizeof(hdr.version)-1]='\0';
--
icmake disables FORTIFY
https://bugs.launchpad.net/bugs/301624
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list