dir: avoid heap-overflow during verify job

Fixes #1210: Security vulnerability results in heap overflow in director when doing a Verify job against a file daemon. Previously the code did not check that the target buffer that scanf() wrote into was big enough to fit the data. This patch now resizes the buffer to the size of the message buffer that is being parsed ensuring that there is no heap overflow anymore. (backport of 86c6fa4)
bareos · Jul 9, 2020 · 916b63c · 916b63c
1 parent c95b9e7
commit 916b63c
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/dird/fd_cmds.c b/src/dird/fd_cmds.c
@@ -953,6 +953,7 @@ int get_attributes_and_put_in_catalog(JCR *jcr)
       char *p, *fn;
       POOL_MEM Digest(PM_MESSAGE);    /* Either Verify opts or MD5/SHA1 digest */
 
+      Digest.check_size(fd->msglen);
       if ((len = sscanf(fd->msg, "%ld %d %s", &file_index, &stream, Digest.c_str())) != 3) {
          Jmsg(jcr, M_FATAL, 0, _("<filed: bad attributes, expected 3 fields got %d\n"
                                  "msglen=%d msg=%s\n"), len, fd->msglen, fd->msg);