[PATCH FOR REVIEW] Potential Buffer Overflow in java_props_md.c
ahughes at redhat.com
Wed Aug 1 11:40:43 UTC 2012
java_props_md.c allocates a 64 byte buffer for the return value of setlocale
on the stack. However, there appears to be no set limit on the return value:
and no check in the code to ensure that its length is 63 characters or less
(allowing for '\0'). While language and country are defined by ISO, I don't
believe there's any limit on the optional encoding and variant entries.
replaces the allocation with a dynamic buffer based on the length of lc.
Original bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497666
Ok for tl? If so, can I have a bug ID?
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the core-libs-dev