[Devel] [ openser-Bugs-1620701 ] Buffer overflow by long lines in
permissions
SourceForge.net
noreply at sourceforge.net
Fri Dec 22 10:50:32 CET 2006
Bugs item #1620701, was opened at 2006-12-22 10:50
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1620701&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Bastian Friedrich (bastian)
Assigned to: Nobody/Anonymous (nobody)
Summary: Buffer overflow by long lines in permissions
Initial Comment:
Hi,
today a bug in OpenSER was reported on bugtraq (not found by me!):
http://www.securityfocus.com/archive/1/455097/30/0/threaded
String lengths are not properly checked in parse_expression_list (modules/permissions/parse_config.c) while copying from input variable str (up to 500 chars) to str2 (up to 100 chars).
I can reproduce the problem by using a line like
ALLLLLLL (500 L's) : ALLLLLLL (another 500 L's) in a permission file.
As the configuration file is under administrative control, no security breach is directly implied.
Best,
Bastian
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1620701&group_id=139143
More information about the Devel
mailing list