Coda File System

[PATCH]: Fix overruns in codasrv main routine

From: Neil Horman <nhorman_at_tuxdriver.com>
Date: Mon, 20 Jul 2009 19:47:14 -0400

Hey, glibc just found this on Fedora.  A stack overrun of a few bytes in the
sname variable in the coda server main routine.  It's 20 bytes long, and at least
one of the sprintfs writes at least 23 bytes to the buffer.  The patch below
fixes it.  I suppose switching to snprintf would be better, but the code seems
so unlikely to change further at this point, this just seemed a bit more
straightforward.

Neil


Signed-off-by: Neil Horman <nhorman_at_tuxdriver.com>


 srv.cc |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coda-src/vice/srv.cc b/coda-src/vice/srv.cc
index e0c5144..d75cc52 100644
--- a/coda-src/vice/srv.cc
+++ b/coda-src/vice/srv.cc
@@ -315,7 +315,7 @@ void zombie(int sig)
 
 int main(int argc, char *argv[])
 {
-    char    sname[20];
+    char    sname[32];
     int     i;
     struct stat buff;
     PROCESS serverPid, resPid, smonPid, resworkerPid;
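
Review bot: At `char sname[32];` the new size is an unexplained constant, and the sprintf calls that fill sname sit outside this hunk and remain unbounded, so any later, longer string would overrun the stack buffer again. Since the message reports at least 23 bytes written into the old 20-byte buffer, 32 leaves only a small margin. I would bound each write with snprintf(sname, sizeof(sname), ...) and check the return value for truncation, or at minimum add a comment beside the declaration stating the longest string sname must hold, including the terminating NUL.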
Received on 2009-07-20 20:04:48